SECS/GEM Dispenser Systems Security Standard
Security standard for self-contained dispenser systems
Dispenser systems security standard supports SECS/GEM compliance
Our dispenser systems are designed to be self-contained, with no requirement for network communications outside of the internal network environment (see Diagram A), while still supporting the option of attachment to the customer network in support of SECS/GEM compliance.
Our systems are configured to maximize security through minimization of attack surface, implementation of strong authentication, and restrictions on network communications as follows:
- All authentication is configured to use non-default credentials and strong passwords.
- All services not specifically in use and required by the system have been disabled.
- Communications between the internal system and the customer network are restricted to allow only required ports and protocols in support of SECS/GEM compliance (see Diagram A).
The router (see Diagram A) represents the demarcation between the internal system and the external network.
The customer is responsible for the physical security of the device and for any physical or technical controls outside of the internal system including VLAN isolation, firewalls, additional ACLs, etc.
Last Updated: 05/22/2020