What is Axon Commander?
Axon Commander is a digital evidence management solution designed for customers that require on-premise management of their services and infrastructure. Similar to Axon Evidence, Commander offers a breadth of features for customers to consolidate and optimize evidence repositories within the premises of an existing computing environment. Additionally, Commander enables a hybrid solution where an on-premise instance of Commander can offload data securely to Axon Evidence.
How Does Axon Commander Work?
Axon Commander is a Windows-based application that is deployed on a server within a customer’s computing environment. Axon Commander requires a host computer that meets specific hardware requirements and a SQL database. An Axon Commander installation comprises of a Commander Server and Commander Clients. The Commander Server functions as an organization’s central repository for evidence data and evidence management system. Using a Commander Client, users interact with the Commander Server to upload, view, and share data. Customers with update-to-date Windows Servers are able to leverage out-of-the-box data in-transit protections from Commander and enforce encrypted inbound and outbound connections.
Axon Commander also has the ability to interact with other Axon Products, including Axon Body Worn Cameras and Docks, TASER Conducted Electrical Weapons (CEWs), and Fleet in-car video systems. These devices can be registered to an Axon Commander instance and securely offload data to the Commander Server.
Axon Commander Security Safeguards:
Axon Commander employs many safeguards:
RESIDES WITH THE CUSTOMER
- Axon Commander can be deployed within a customer selected computing environment, where customers fully manage their instance and related technology infrastructure.
- Axon Commander maintains full functionality even when air-gapped from other networks.
CRYPTOGRAPHIC CONTROLS SUPPORTED OUT OF THE BOX
- TLS (Transport Layer Security) is enforced for data in-transit to and from Commander Servers and external connections. TLS is also supported between Commander instances if customers choose to enable encryption protections on their network.
- Customers may also enable encryption at-rest for their data, up to encryption levels to meet organizational and regulatory standards.
- Integrity of data is ensured with a forensic fingerprint of each Evidence file using an industry standard SHA hash function.
SECURITY ADMINISTRATION FEATURES
- Commander administrators have the ability to set roles and permissions for users within their instance.
- Active Directory integration support allows for seamless provisioning and access management.
- Commander generates multiple types of audit reports, including reports on specific data objects, specific users, or Axon devices that are used in conjunction with Commander, such as Axon Body Worn Cameras or a TASER CEWs.
Scaling with Axon Commander
The Destinations feature within Axon Commander allows for customers to securely expand a private network of data repositories and enable the ability to transfer and share data to other Commander instances. For larger customers that operate with geographically dispersed field offices, this feature is key to streamlining collaboration within trusted connections.
Transitioning to the Cloud with Axon Commander
Destinations also enables a hybrid model for digital evidence management by providing connectivity from Axon Commander to an Axon Evidence tenant or other cloud hosted storage solutions. For Axon Evidence, this is achieved by generating an API client from within Axon Evidence and loading the API client secrets into a Commander instance. The connectivity enables the sharing and transfer data from Axon Commander into Axon Evidence.
Security Best Practices
When deploying Axon Commander it is crucial that customers implement security controls to safeguard against unauthorized access and disruptions. In addition to adhering to regulatory requirements and security standards, customers should address the following when running Axon Commander:
USER ACCESS MANAGEMENT
- Integrate Axon Commander with Active Directory
If using native authentication in Axon Commander, implement password policies that adhere organization security standards and security best practices such as:
- Minimum length and complexity requirements.
- Rotating passwords on a periodic basis.
- Changing default passwords.
HOSTING ENVIRONMENT SECURITY
- Patch and regularly update infrastructure hosting Axon Commander
- Keep Commander Servers updated with the latest releases or patches as provided by Axon
- Enable disk encryption on Commander Servers to add a layer of cryptographic protection
- Enable anti-malware and anti-virus tooling to detect and manage malicious software
Implement network level protections for Axon Commander infrastructure such as:
- Enable encryption for data in-transit within the agency network. Enable encryption for data in-transit within the agency network.
- Follow the “principle of least privilege” for firewall and port rules to only allow traffic that is needed for business operations.
- Ensure proper network isolation and segmentation to meet operational and security needs.
Review users who have access to Axon Commander on a periodic basis to ensure that:
- Only authorized individuals have access.
- Individuals only have the lowest level of permissions needed to complete their job functions.
- Individuals who have left the customer organization have their accounts de-provisioned and their access revoked.
Periodically review the configuration of Axon Commander and ensure that any implemented security measures align with the security posture of your organization.
Reporting Potential Security Issues or Vulnerabilities
If you believe you have discovered a security vulnerability on Axon Commander or any other Axon product, please email email@example.com with a thorough explanation of the issue or vulnerability. Any sensitive testing results or information should be transmitted to Axon using an encrypted communication channel. Our PGP key is available here: Axon Information Security (4CB2324C) – Public
We ask that you do not disclose any vulnerability information publicly or to any third party without coordination with Axon's Information Security team. Axon is committed to working with customers and the security researcher community to validate and address reported potential vulnerabilities. Further information regarding this commitment is outlined in Axon’s Penetration Testing & Vulnerability Disclosure Guidelines.
All non-security related issues should be directed to Axon Customer Support.