Cut Sheet

Table Of Contents

SPECIFICATION SUBMITTAL Page

Job Name:

Job Number:

Model Numbers:

Vive HJS-0, HJS-1, HJS-2 Wireless Hub

369902d 8 06.16.17

Vive Security Statement

Lutron takes the security of the Vive Lighting Control System very seriously.

The Vive Lighting Control System has been designed and engineered with attention to security since its inception.

Lutron has engaged security experts and independent testing ﬁrms throughout the entire development of the Vive

Lighting Control System. Lutron is committed to security and continuous improvement throughout the Vive

product lifecycle.

TheViveLightingControlSystemusesamulti-tieredapproachtosecurityandNationalInstituteofStandardsand

Technology(NIST)recommendedtechniquesforsecurity.

Theyinclude:

1.AnarchitecturethatisolatesthewiredEthernetnetworkfromthewirelessnetwork,whichstrictlylimitsthe

possibility of the Vive Wi-Fi being used to access the corporate network and gain conﬁdential information

2. A distributed security architecture with each hub having its own unique keys that would limit any potential breach

to only a small area of the system

3. Multiple levels of password protection (Wi-Fi network and the hubs themselves), with built-in rules that force the

user to enter a strong password

4.NIST-recommendedbestpracticesincludingsaltingandSCryptforsecurelystoringusernamesandpasswords

5.AES128-bitencryptionfornetworkcommunications

6. HTTPS (TLS 1.2) protocol for securing connections to the hub over the wired network

7. WPA2 technology for securing connections to the hub over the Wi-Fi network

 TheVivehubcanbedeployedinoneoftwoways:

• DedicatedLutronNetwork

• ConnectedtothecorporateITnetworkviaEthernet.TheVivehubmustbeconnectedviaEthernettoaccess

certain features such as BACnet® for BMS integration. Lutron advises following best practices in this instance,

including separating the business information network and the building infrastructure network. Use of a VLAN or

physically separated networks is recommended for secure deployment.

Dedicated Lutron Network Deployment

The Vive hub is not connected to the building network. Wi-Fi is used to connect to a smart device such as a

phone, tablet, or PC for commissioning and conﬁguration only. The Vive hub serves web pages for setup and

maintenanceviaapassword-protectedconnection.TheWi-FiSSIDcanbesettonotbroadcast.TheVivehub

Wi-Fi may be disabled if desired.

Corporate IT Network Deployment

TheVivehubmaybedeployedwithaxedIPaddressorservedoverDHCP.OncetheITnetworkisoperational,

the Vive hub will serve password-protected web pages for access and maintenance. The Vive hub Wi-Fi may be

disabled if desired.

TheVivehubactsasaWi-FiaccesspointpurelyforthecongurationandcommissioningoftheVivesystem.Itis

not a substitute for your building’s normal Wi-Fi access point. The Vive hub does not act as a bridge between

wireless and wired networks.

ItisstronglyrecommendedthatlocalITsecurityprofessionalsbeinvolvedwiththenetworkcongurationand

set-up to ensure the installation meets their security needs.