Skip to content

Policy Index

POL-SECEL

✅ Every Trimble Device MUST use a tamper-proof secure hardware element for storage of confidential and cryptographic data (e.g. keys, credentials, and personal information).

POL-BOOTSTRAP

❓Every Trimble Device MUST use the common Platform API for the registration and rotation of operational certificates (currently, the Bootstrap Service).

POL-OTA

❓Devices MUST support over-the-air (OTA) firmware updates. Where not possible, devices MUST support local firmware updates through appropriate mechanisms.

POL-FIRMWARE-UP

✅ Every Trimble Device MUST support firmware updates on any firmware responsible for connectivity with Trimble.

POL-LIB

✅ Every Trimble-Enabled Device SHOULD streamline its software integration footprint through use of shared libraries (e.g., Bedrock, “Side Car” agent, as appropriate for the use case).

POL-HW-DB

❓Every Trimble Device SHOULD use components that have been validated by at least one Trimble development team and entered into a common “Trimble Certified” Hardware Component database.

POL-UX

✅ Every Trimble-Enabled Device with a user interface that carries the Trimble brand MUST follow the UX guidelines set by the Trimble UX Board.

POL-CERT-ROT

❓Every Trimble Device MUST rotate device certificates in compliance with Trimble’s cybersecurity policy

POL-EMS

✅ Every Trimble Device SHOULD be assigned licenses for Trimble products or capabilities through Trimble’s centralized entitlement management system, and devices’ licenses for Trimble products or capabilities SHOULD be determined from EMS data.

POL-VULN-SCAN

❓Every Trimble Device MUST regularly submit its firmware for vulnerability scanning. Vulnerabilities MUST be remediated according to the Trimble Secure Development Life Cycle (TSDLC).

POL-ACCOUNT

✅ Every Trimble Device MUST at all times be under the ownership and control of at least one Account.

POL-DEV-MGT

✅ Every Trimble Device MUST be provisioned, directly or through integration, with the central Trimble Device Management System.

POL-CUTOFF

✅ Every TrimbleDevice that cannot conform to the standards herein MUST reach end-of-connectivity no later than January 1, 2030.

POL-RETIRE

✅ A Trimble Device MAY continue to operate beyond its end-of-connectivity lifetime. Software patches, including security updates, MUST be halted.

POL-TELEM

❓Every Trimble Device MUST report telemetry information when it has connectivity with Trimble.

POL-RISK-ASSESS

❓“Every Trimble Device MUST undergo a device risk assessment before any initial or new revision enters distribution.