Access Control That's Cybersecure at the Core

Mercury solutions safeguard every interaction across the access control ecosystem. From reader to controller and controller to host, data are encrypted in motion and at rest.

• TLS 1.3 handshake for controller to host communication
• AES-128/256 encryption for stored data, credentials and I/O communication
• OSDP Secure Channel for secure reader communication

Strong identity assurance means verifying both people and devices.

• Mutual authentication between host, controller and edge
• Secure boot CPU and crypto chip to block unauthorized code
• ARM TrustZone for processor-level isolation
• Support for mobile, biometric and certificate-based credentials
• 802.1X for network authentication

Mercury uses a secure software development lifecycle with threat modeling, secure coding, code reviews and third-party penetration testing.

• Signed firmware and rigorous validation
• Continuous monitoring, CVE tracking and patch distribution
• Software Bill of Materials (SBOM) visibility
• OSDP Verified certification by SIA

Mercury MP Controllers are designed to align with leading security standards.

• FIPS 140-3 validated cryptographic modules
• FIPS 201 compliance
• SOC 2 Type 2 and ISO 27018 at the HID platform level
• CSA STAR for cloud assurance

Every access request is continuously authenticated and authorized.

• No device, credential or location is trusted by default
• Identity-aware controls
• Continuous authentication between hardware and software
• Encrypted communication paths across the ecosystem

Identify and respond to unusual activity.

• Real-time alerts
• Anomaly detection for failed access attempts and unauthorized firmware updates
• Event monitoring integrated with enterprise SIEM platforms
• Physical access data correlated with digital threat intelligence