ONVIF to End Support for Profile Q in 2022
Developed to provide easy setup of a conformant device on an IP network, ONVIF says Profile Q no longer meets cybersecurity best practices.
SAN RAMON, Calif. — ONVIF, a global standardization initiative for IP-based physical security products, announces that it will end its support for Profile Q early next year as it contains certain specifications that are no longer consistent with current cybersecurity best practices.
Profile Q was developed to provide easy setup of a conformant device on an IP network. It requires a Profile Q conformant device to allow anonymous access to all ONVIF commands during the setup process in the factory default state.
This does not follow current cybersecurity best practices, which recommend, among other things, that a network device require users to set passwords and other access rights before the device can be used, according to ONVIF.
Since the specifications of a profile cannot be changed as it would impact interoperability between products that conform to a specific profile, Profile Q will be deprecated on March 31, 2022.
“ONVIF conformant products are used in a wide variety of industries and geographies, with different requirements when it comes to cybersecurity policies or best practices,” says Leo Levit, chairman of the ONVIF Steering Committee. “As these cyber threats evolve quickly, it’s important that users are aware of these best practices to ensure they are implementing cybersecurity measures that are appropriate for their organization.”
ONVIF says it recommends following industry best practices and local regulations and staying informed about technology changes from the market. The ONVIF Network Interface Specifications have defined network protocols that include security elements such as transport layer security (TLS), which allows ONVIF devices with that feature to communicate with clients across a network in a way that protects against eavesdropping and tampering.
ONVIF specifications also cover the ONVIF Default Access Policy, which specifies that there should be different access classes to services based on different user roles. Manufacturers can implement these ONVIF specifications regardless of whether the specifications are included in a profile or not.
Further information about ONVIF conformant products, including member companies and their conformant models, is available on the ONVIF website.
Security Is Our Business, Too
For professionals who recommend, buy and install all types of electronic security equipment, a free subscription to Security Sales & Integration is like having a consultant on call. You’ll find an ideal balance of technology and business coverage, with installation tips and techniques for products and updates on how to add sales to your bottom line.
A free subscription to the #1 resource for the residential and commercial security industry will prove to be invaluable. Subscribe today!