Building Management Systems control HVAC, lighting, access control, elevators, and fire suppression across commercial real estate — and are increasingly networked to enterprise IT systems and cloud management platforms in ways that create lateral-movement paths that attackers have used to compromise corporate networks through building systems. Zero Trust network segmentation for BMS environments isolates building control networks from IT, enforces identity-based access for facilities engineers and third-party service technicians, and provides the audit logging required by ISO 27001 Annex A physical and environmental security controls.
Related: Zero Trust for OT · IEC-62443 · EMS · Microsegmentation · Manufacturing