Last Updated: 2026-05-12

Step-by-step hardening procedure for CyberPower RMCard devices. The default configuration leaves several security-relevant settings in an insecure state — this guide brings them in line with IT standards. Power-related settings are outside scope and should retain their engineering defaults.


Prerequisites

  • Web browser access to the RMCard management interface
  • Admin credentials for the device
  • Firmware files cpsrm2scfw_160.bin and cpsrm2scdata_160.bin (v1.6.0), extracted from cpsrm2scfw_1.6.0.zip — download from CyberPower RMCARD205/305 Firmware
  • NTP server address(es) for your site
  • Syslog server address
  • SMTP relay address and notification recipients

Procedure

Step 1 — Upgrade Firmware

Navigate to System > About and upload the two firmware files:

File Purpose
cpsrm2scfw_160.bin Firmware image
cpsrm2scdata_160.bin Data image

Allow approximately 5 minutes for the device to reboot before continuing.


Step 2 — Configure NTP

Navigate to System > General > Time and apply the following:

Setting Value
Using NTP Server Enabled
Primary NTP Server Site NTP server
Secondary NTP Server Site NTP server (backup)
Update Interval 1 hour

The factory default update interval is 8760 hours (once per year), which makes log timestamps unreliable. Set it to 1 hour.

Configure daylight savings time to match your site's timezone.


Step 3 — Set Device Identification

Navigate to System > General > Identification and configure:

  • System Name — use the schema Location-DeviceType-Number (e.g. CA-UPS-01)
  • Location — physical rack/room location
  • Contact — responsible team or individual

These values are used by SNMP and appear in alert emails and syslog entries.


Step 4 — Disable the Viewer Account

Navigate to System > Security > Local Account and uncheck the Viewer account.

The viewer account is enabled by default on all devices and shares credentials across the fleet, making it a common attack target.


Step 5 — Set Session Timeout

Navigate to System > Security > Session Control and set the logout timeout to 10 minutes.

The default of 3 minutes causes frequent logouts during configuration. 10 minutes balances security with usability.


Step 6 — Disable SNMPv1, Enable SNMPv3

Disable SNMPv1 — navigate to System > Network Service > SNMPv1:

  • Set the private community string to forbidden
  • Disable SNMPv1 entirely

SNMPv1 transmits community strings in plaintext and must not be used on a production network.

Enable SNMPv3 — navigate to System > Network Service > SNMPv3 and configure:

Setting Value
SNMPv3 Enabled
Authentication Protocol SHA
Privacy Protocol AES
Authentication Password 16–31 characters
Privacy Password 16–31 characters

Step 7 — Enable HTTPS and SSH

HTTPS — navigate to System > Network Service > Web Service and enable HTTPS. Disable plain HTTP if the option is available.

SSH — navigate to System > Network Service > Console Service and switch from Telnet to SSH.

Both changes prevent credentials from being transmitted in plaintext.


Step 8 — Configure Email Notifications

Navigate to System > Notification > SMTP Server and configure your mail relay.

Then navigate to System > Notification > E-mail Recipients and add the relevant distribution list or on-call address so power events generate alerts.


Step 9 — Enable Syslog

Navigate to Log > Syslog, enable syslog, and enter your syslog server address.

This ensures UPS events (power loss, battery low, overload) are captured in your central log management platform.


Step 10 — Network Placement

Use a DHCP reservation for the device's MAC address to simplify future management without the risk of address changes.

The RMCard must be on a secured management network — not on the same segment as end-user workstations.


Configuration Checklist

Use this table to verify all settings after completing the procedure.

Setting Location Default Required
Firmware version System > About Varies 1.6.0
NTP Server System > General > Time Not set Site NTP server
NTP Update Interval System > General > Time 8760 hr 1 hr
System Name System > General > Identification RMCARD205 Location-Type-Number
Viewer Account System > Security > Local Account Enabled Disabled
Login Timeout System > Security > Session Control 3 min 10 min
SNMPv1 System > Network Service > SNMPv1 Enabled Disabled
SNMPv3 System > Network Service > SNMPv3 Disabled Enabled (SHA + AES)
HTTPS System > Network Service > Web HTTP HTTPS
SSH System > Network Service > Console Telnet SSH
Email Notifications System > Notification Disabled Enabled
Syslog Log > Syslog Disabled Enabled