ANNEX B: General Cybersecurity Guidelines (IP Video Surveillance System)

| S/No | Guidelines | Details | Areas of Applicability (Camera / NVR / VMS) |
|---|---|---|---|
| 1 | Product shall be promptly updated with the latest firmware/software updates/security patches | Regular firmware and OS updates (every month) | √ √ √ |
| | | Unsupported product shall be replaced | √ √ √ |
| 2 | Strong Password | Change default passwords | √ √ √ |
| | | Use complex password of 12-character length, with combination of at least 3 out of the 4 following groups: uppercase, lowercase, special characters and numbers | √ √ √ |
| | | Change password regularly (every 6 to 12 months) | √ √ √ |
| | | Passwords are not displayed in clear | √ √ √ |
| 3 | Account Management | Unique account for individual | √ √ √ |
| | | Timely removal of unnecessary accounts | √ √ √ |
| | | CCTV operators shall only have read-only access | √ √ √ |
| 4 | Session Security | Use HTTPS/TLS where possible | √ √ √ |
| 5 | Cryptography | Use strong cryptographic algorithms. | √ √ √ |
| 6 | Hardware Root-of-Trust | Use equipment that implements hardware root-of-trust where possible | √ √ √ |
| 7 | Device and System Hardening | Use Surveillance Product Hardening Guides | √ √ √ |
| | | Operating System Hardening Guides (e.g. refer to “Centre for Internet Security”) | √ |
| 8 | Network Access Control | Segregation from Internet (physical, via firewall to restrict access to only authorised Internet destinations) | √ √ √ |
| | | Secure remote access using VPN and MFA | √ √ √ |
| | | Network switch port authentication (MAC address whitelist, 802.1x) | √ √ √ |
| 9 | Event logging | Log all user access and administrator activities | √ √ |
| | | Regular log review for anomaly | √ √ |
| 10 | Anti-Malware | Use up to date anti-malware versions | √ √ |
| 11 | Clock synchronisation | Configure to retrieve time from a single NTP source | √ √ √ |
| 12 | Physical Access Control | Use secure hosting facility | √ √ |
| | | Use secure rack where possible | √ √ |
| | | Protect power and network cables/connectors using conduits | √ √ √ |
| 13 | Resilience | Perform regular backup | √ √ |
| | | Perform Business Continuity and Disaster Recovery exercises where possible | √ √ √ |

NVR - Network Video Recorder
VMS - Video Management System
OFFICIAL (OPEN)