ONVIF has announced that it will end its support for Profile Q early next year since it contains certain specifications that are no longer consistent with current cybersecurity best practices.
Profile Q was developed to provide easy setup of a conformant device on an IP network. It requires a Profile Q conformant device to allow anonymous access to all ONVIF commands during the setup process in the factory default state. This does not follow current cybersecurity best practices, which recommend, among other things, that a network device require users to set passwords and other access rights before the device can be used.
Since the specifications of a profile cannot be changed as it would impact interoperability between products that conform to a specific profile, Profile Q will be deprecated on March 31, 2022.
“ONVIF conformant products are used in a wide variety of industries and geographies, with different requirements when it comes to cybersecurity policies or best practices,” said Leo Levit, chairman of the ONVIF Steering Committee in a prepared statement. “As these cyber threats evolve quickly, it’s important that users are aware of these best practices to ensure they are implementing cybersecurity measures that are appropriate for their organization.”
Print this page