Hâlen dilinizi öğreniyoruz

milestonesys.com adresindeki sayfaların tümünü mümkün olan en çok dilde sunmak için çalışıyoruz. Ancak bu süreç biraz zaman alıyor. İşlevlerimizin çoğu çok dilli olmasına karşın bunun gibi bazı sayfalar henüz yerel dilinizde mevcut değildir.
Anlayışınız için teşekkür ederiz.

TAMAM, ANLIYORUM

FIPS 140-2

FEDERAL INFORMATION PROCESSING STANDARDS

Federal government agencies required to comply with FIPS 140-2, can now operate XProtect in a FIPS compliant mode.

SEE THE COMPLIANT DEVICE DRIVERS

Deploy XProtect 2020 R3 in a
FIPS 140-2 compliant mode

Milestone XProtect® 2020 R3 meets the latest security requirements, allowing federal government agencies required to comply with FIPS 140-2, to operate XProtect in a FIPS compliant mode
About FIPS
FIPS & XProtect
FIPS toolbox
Device connections

About FIPS

FIPS stands for Federal Information Processing Standards. It is a set of standards that describe encryption algorithms and other information technology processes for use within non-military federal government agencies and by government contractors and vendors who work with these agencies across the United States and Canada. 

FIPS is developed by the National Institute of Standards and Technology (NIST) in the United States, and the Communications Security Establishment (CSE) in Canada.
Federal Information Processing Standards 140-2 (FIPS 140-2) is an information technology security accreditation program for validating that the cryptographic modules produced by private sector companies meet well-defined security standards. 

FIPS 140-2 specifies what encryption modules are approved and prohibits agencies from using unapproved cryptography on sensitive data within the federal government.

All software solutions deployed in US government installations and in highly regulated industries such as healthcare and finance in North America are required to comply with this standard.

FIPS & XProtect

To meet the needs of customers required to comply with FIPS 140-2, Milestone made all necessary developments in XProtect 2020 R3 that meet FIPS requirements. These developments include using only FIPS approved cryptography modules such as Microsoft’s Cryptography New Generation (CNG). Such developments allow users to operate XProtect 2020 R3 in a FIPS 140-2 compliant mode in Windows.

Users required to comply with FIPS must upgrade to XProtect 2020 R3
To configure XProtect 2020 R3 to operate in a FIPS 140-2 compliant mode, users must:
  • Enable FIPS security policy in Windows OS
  • Ensure third-party integrations can run on a FIPS enabled Windows OS
  • Connect devices in a way that ensures a FIPS compliant mode of operation
  • Ensure data in the media database is encrypted with FIPS approved encryption modules

FIPS toolbox

To configure XProtect 2020 R3 to operate in a FIPS 140-2 compliant mode, it is imperative to make sure that sensitive data is encrypted according to the standard. Milestone built a unique upgrade process for customers required to comply with FIPS 140-2.

Use our recommendations, best practices, and guidelines specified in the tools below to learn more about how to configure your XProtect video surveillance system to operate in a FIPS 140-2 compliant mode.

Device connections

XProtect 2020 R3 can guarantee a FIPS 140-2 compliant mode of operation when communicating with devices if:
1.Only specified drivers are used to connect to the devices (see below)

2.Device pack version 11.1c (August 2020) or later is used

3.Connection to devices is over HTTPS or SRTP/ (RTSP over HTTPS), for the video stream

4.FIPS is enabled on Windows OS on the Recording Server machine
  • FIPS compliancy will not be enforced in systems that can’t adhere to the FIPS 140-2 device connectivity requirements so that device connectivity can be upheld. XProtect will not operate in a FIPS 140-2 compliant mode in this case.
  • The driver modules can't guarantee FIPS 140-2 compliancy for a connection over HTTP or over HTTPS without support for TLS1.2.
  • Drivers from the Legacy Driver Device pack can't guarantee a FIPS 140-2 compliant connection under any circumstance.
  • The use of ONVIF or Universal Drivers that are not specified for a given device on the Milestone Supported Devices page, can lead to changes of functionality and additional license cost

COMPLIANT DEVICE DRIVERS

Device drivers that guarantee a FIPS 140-2 compliant mode of operation
Compliant device drivers

FIPS 140-2 compliant

Axis

Axis device drivers that guarantee a FIPS 140-2 compliant mode of operation:

Axis11ChDevice​ 
Axis12ChDevice​
Axis1ChDevice​
Axis1ChPtzDevice​
Axis2ChDevice​
Axis3ChDevice​
Axis4ChCamera​
Axis4ChDevice​
Axis8ChDevice​
AxisAudioDevice​
AxisOneClick​

Bosch

Bosch device drivers that guarantee a FIPS 140-2 compliant mode of operation:

Bosch16ch​
Bosch1ch​
Bosch2ch​
Bosch3ch​
BoschPTZ​
BoschX20XF​
BoschX40XF​

Canon

Canon device drivers that guarantee a FIPS 140-2 compliant mode of operation:

Canon1ChDevice​
Canon1ChPtzDevice​
CanonVBM
Canon VBM40
CanonVBS
CanonVBSNoPtz

Digital Barriers

DigitalBarriersTVIDecoder

Hanwha

HanwhaGeneric

MP/VideoPush

MP/VideoPush driver

ONVIF

ONVIF drivers

Universal

Universal drivers


European Privacy Seal

GDPR-ready certification

XProtect Corporate
GDPR-ready certified

 Milestone XProtect® Corporate obtained the highly sought-after EuroPriSe GDPR-ready certification. Read more about it and get access to relevant materials and tools
GDPR-ready
certification
About
GDPR
How Milestone
can help
GDPR
toolbox
GDPR
info kit

Milestone XProtect® Corporate has been added to the list of XProtect Corporate product versions that obtained EuroPriSe GDPR-ready certification.The certification is issued by the recognized and independent EuroPriSe – European Privacy Seal institute, where XProtect Corporate has been checked by independent experts and approved by an impartial certification body. Building on the native XProtect cybersecurity features, the certification covers all core VMS functions in accordance with EuroPriSe’s documented scope of evaluation.

The EuroPriSe GDPR-ready certification proves that XProtect Corporate fulfills EuroPriSe’s certification criteria as defined in the criteria catalogue v201701*. The GDPR-ready seal and the extensive guidelines and recommendations provided by Milestone provides end users with a solid foundation for the establishment of a GDPR compliant video surveillance operation, while simplifying and reducing the cost of GDPR preparation.

Click here for more information about the certification and a full list of XProtect Corporate product versions that obtained EuroPriSe GDPR-ready certification.

*) EuroPriSe's criteria catalogue v201701 catalogue is pending approval pursuant to Article 42(5) GDPR and EuroPriSe GmbH has not been accredited as a certification body pursuant to Article 43 GDPR yet. EuroPriSe is dedicated to receiving the approval of its certification criteria and the accreditation as a certification body in accordance with Art. 42 f. GDPR asap. 

 

GDPR – data protection regulations with global relevance

General Data Protection Regulation (GDPR) is a strict EU regulation devised to protect data and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA).

While GDPR is an EU regulation, it has influenced numerous domestic regulations and become the standard for personal data protection in many other parts of the world since its enforcement in May 2018.

We believe in the core values outlined in the GDPR, which include:

THE RIGHT TO BE INFORMED, GDPR Article 12-14 & 33

Information about what personal data that is collected and how long it is retained. The right to be informed in case of a data breach.

THE RIGHT OF ERASURE, GDPR Article 17

The right to be forgotten, including the deletion of personal data. Information about how long it is kept.

THE RIGHT OF ACCESS, GDPR Article 15

Ability to get access to own personal data. What personal data is being processed and the rationale for such processing.

THE RIGHT OF OBJECT, GDPR Article 21

The right object to the processing of personal data.Who and how to contact the Data Controller.

 

How to ensure a GDPR compliant video surveillance operation

Ensuring compliance with GDPR and similar data privacy laws requires careful planning and preparation of the design of your video surveillance system and the policies and procedures regulating how it is used.

To help system integrators and end-customers design, implement and operate video surveillance systems that are compliant with GDPR and other similar privacy regulations, Milestone provides a holistic set of tools.

Here’s how Milestone helps you to become GDPR compliant:

Check-out the individual tools in the GDPR toolbox tab.

Holistic toolbox for System Integrators and End-users

Selecting a video management product that is certified to contain all required cybersecurity and privacy protection features is a good start, but not enough to ensure operational GDPR compliance of your video surveillance installation.

Use our freely available recommendations, best practices and training resources to build awareness on cybersecurity and privacy protection. With this toolbox you are set for a good start on your journey to a secure and GDPR compliant use of your XProtect video surveillance system.

SYSTEM HARDENING
GUIDE


The guide provides cybersecurity recommendations for the complete solution stack including network infrastructure, server hardware, operating systems and the VMS.

DOWNLOAD HERE

GDPR PRIVACY
GUIDE


Contains the essence of GDPR and how it applies to video surveillance, including ready to use templates, and recommendations for how to design, implement and operate a GDPR compliant VMS installation.

DOWNLOAD HERE

PRIVACY AWARENESS
TRAINING


Free online end-user eLearning course designed to build privacy awareness and maturity to support end-customers’ GDPR implementations.

GO TO eLearning

Get access to the GDPR Information Kit

The GDPR Information Kit provides further information about GDPR and how
Milestone helps end-customers become GDPR compliant.

ACCESS THE GDPR INFO KIT

Need more information about compliance?