System Security Minimum Requirements

The wireless lighting control system shall have a cybersecurity certification, complying with: No universal passwords, secured interfaces, proven cryptography, automatic security updates, and vulnerability reporting program.
The network (communication from mobile devices to the lighting control units and from the units to the cloud and server) shall be an own, closed network. Communication between a mobile device and a lighting control unit as well as two lighting control units shall use industry standard algorithms:

AES-128: symmetric encryption cipher
AES-CMAC: message authentication algorithm for data integrity
ECDH: elliptic curve key exchange
ECDSA: elliptic curve digital signature algorithm
Full encryption between mobile device and units. New encryption key for each connection, derived with ECDH
Full encryption between units
10 changeable passwords

Not Shared: The Network is only stored on the device the network has been created with. Other devices cannot access the network.
Administrator Only: The Network is discovered and accessed only with an administrator e-mail and password (chosen at the stage of creating the network).
Password Protected: Other devices can access the network with a visitor password. Modifications require an administrator password.
Open: Other devices can access the network without any password. Modifications require an administrator password.

If the sharing setting is something other than Not Shared all the changes are uploaded to cloud service and the network can be accessed from other devices.

The lighting control system shall provide the possibility to lock the network units to prevent unpairing devices.
Allow or deny firmware updates shall be possible in order to prevent any changes occurring at the firmware level.
The control system shall be possible to hide the network from other users. It shall be possible to choose an initial amount of time for which the devices will remain visible when power is applied.