Introduction
This document provides a comprehensive overview of the security-related aspects of NXPowerLite Desktop. It is designed to answer common questions posed by security analysts when evaluating or deploying the software. If additional information is required, please contact us via Neuxpower Support.
1. Organizational Security Practices
NXPowerLite Desktop is developed and supported by a very small team, and as such, formalized processes in some areas are not applicable. Key organizational security practices are outlined below:
- Employee and Contractor Training: Employees and long-term contractors are not required to take annual information security training.
- Security Disclosure Program: Neuxpower does not have a formal security disclosure program.
- Third-Party Vendor Standards: NXPowerLite Desktop operates independently without reliance on subprocessors.
- Cyber Defense Program: NXPowerLite Desktop has been accredited by many defense organisations but Neuxpower does not have a formal cyber defense program in place, including vulnerability management, incident response, or engineering policies.
- Security Operations Center: Neuxpower does not maintain a 24x7 manned security operations center.
- Risk Management: There is no documented risk management process.
- IT Audits: No independent IT audit has been conducted in the last 12 months.
- Penetration Testing: No penetration testing has been performed in the last 12 months.
- Compliance Standards: Neuxpower does not formally adhere to any specific compliance or security standards.
2. Technology Stack and Components
NXPowerLite Desktop is written in C++ and utilizes native Windows libraries. Additional third-party components include:
- Adobe PDF Library
- Chilkat Zip
- Codejock ToolkitPro for C++/MFC
- LogicNP FolderView
- Lotus Notes C++ API (only if Lotus Notes client integration is installed)
- 7-Zip (Windows only | optional install)
3. Data and Communication
NXPowerLite Desktop is designed with privacy and minimal communication in mind:
- Personal Data Usage: The application stores the user’s name in the registry of the computer operating system. No other personal data is used, stored, or processed, and no information is transmitted back to Neuxpower.
- Export-Controlled Technology: NXPowerLite Desktop does not use, store, or process export-controlled technology.
- Offline Capability: NXPowerLite Desktop operates fully offline, ensuring data privacy and security.
- Communication with Servers: The software can be used entirely offline. Optionally, users can enable the ‘Check for updates’ feature, which contacts a Neuxpower server to verify the current application version. This is a non-essential feature, and the only information transmitted is the current app version.
- Self-Contained Installation: All required libraries and components are included within the installation package.
4. Registry Changes and Deployment
NXPowerLite Desktop modifies the registry during installation to store user preferences and licensing information.
-
User Installations (requiring local admin privileges): Registry entries are stored here:
Computer\HKEY_CURRENT_USER\Software\Neuxpower\NXPowerLite
-
Central Deployment: If the software is centrally deployed, registry entries are created here:
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Neuxpower\NXPowerLite
For more details on deployment, please refer to the NXPowerLite Deployment Guide.
This document will be updated as new information becomes available or processes are implemented to address any gaps. For further inquiries, please contact us via Neuxpower Support.