Imagine a world with no access controls. A free for all resulting in chaos thanks to broken processes, zero audit trails, and no way to admonish/grant rights to the appropriate devices or people. Luckily, today’s IoT driven world is layered with access controls designed to streamline and simplify alongside of prioritizing the most important aspect - security. With CMS VerdeTTo and the VerdeTTo Access Valve for ThingWorx, devices can be constrained to only access systems under certain conditions, such as connecting from certain known locations or during certain expected operating hours. VerdeTTo also allows devices with compromised certificates to quickly be disabled, preventing them from accessing network resources and systems. Just one click changes a metadata value for the compromised certificates through the VerdeTTo portal, while the VerdeTTo Access Valve immediately terminates the device’s access to the ThingWorx platform. But once a device is compromised (especially if a broad range of devices are compromised) how do you securely bring everything back online?