Security settings and indications of controllers

What is claimed is: 1. A security assurance system for a building controller comprising: a controller having a locked mode and an exposed mode relative to outside connections such as internet, the controller including a security monitor configured to determine whether the controller is in the locked mode or the exposed mode; and wherein: the locked mode comprises at least one item of a group consisting of one or more security settings and policies that meet predetermined standards, and an entity designated to assume responsibility to assure that security settings and policies meet the predetermined standards; the exposed mode comprises at least one item of a group consisting of an absence of security settings and policies that meet the predetermined standards, and an absence of an entity designated to assure that the security settings and policies meet the predetermined standards; the security monitor determines whether the controller is in the locked mode or the exposed mode based on the items related to security settings and policies and a presence or the absence of the entity designated to assure the security settings and policies meet the predetermined standards; and the controller comprises an indicator that reveals whether the controller is in the locked mode or the exposed mode. 2. The security assurance system of claim 1 , wherein the security monitor has an automatic remote notification mechanism that notifies an entity designated to assume responsibility for security of the controller, upon detection of a security threat or misconfiguration of the controller. 3. The security assurance system of claim 2 , wherein the security monitor has a manual selector to initiate the automatic remote notification mechanism. 4. The security assurance system of claim 1 , wherein a security policy that meets the predetermined standards incorporates an entity designated to assume a responsibility to assure that the security settings and policies meet the predetermined standards. 5. The security assurance system of claim 4 , wherein in the exposed mode, the controller automatically shuts down a functionality having relevance for remote access. 6. The security assurance system of claim 4 , wherein: the controller comprises a web-server that provides a screen for display and entities; and the web-server permits a user to enter a media access control (MAC) address or a serial number of the controller so that the user can access and adjust the security settings to meet the predetermined standards. 7. The security assurance system of claim 4 , wherein: the controller comprises a web-server that provides a screen for display and entities; and wherein: the web-server permits a user to enter a MAC address of the controller or a serial number; an email address is entered on the screen of the entity designated to assure that the security settings and policies meet the predetermined standards; the controller verifies that the MAC address or serial number is valid or does a timeout if the MAC address or serial number is invalid; if the MAC address or serial number is valid, then the controller sends an email with a random code to the email address entered on the screen; and the entity enters the random code on the screen to result in an unlocking of the controller and another screen that reveals access to the security settings which can be adjusted to meet the predetermined standards. 8. The security assurance system of claim 7 , wherein the security settings comprise what entity is to receive notifications of one or more items from a group consisting of detected cyber-attacks, cyber health status of the controller, a number of failed logons, a new client internet protocol (IP) address, and a port probe by a remote host to be selected to activate monitoring of suspect activities. 9. The security assurance system of claim 8 , wherein a failed MAC address, serial number, random code, user account or password are prevented from being sent out by the controller over the internet. 10. The security assurance system of claim 1 , wherein the security settings are saved and the controller is locked relative to the security settings. 11. The security assurance system of claim 1 , wherein the indicator that reveals whether the controller is in the locked mode or the exposed mode is selected from the group consisting of one or more indicator lights and a dashboard. 12. The security assurance system of claim 1 , wherein a security structure of the controller comprises: one or more web pages; the locked mode and the exposed mode; a storage of security settings; a monitoring of potential attack vector surface events; a timestamp of the events; or a transmission of the events to the entity designated to monitor the controller. 13. The security assurance system of claim 6 , wherein: when an account, a password, or a code is lost, the MAC address or serial number of the controller is entered in a screen of the display to gain access to the security settings; and the security settings are eliminated and security settings are setup again anew. 14. A method, for monitoring security fitness of a building controller, comprising: providing a building controller connectable to an external communication system; providing one or more visual indicators of status of a configuration from a security perspective of the building controller, the one or more visual indicators of status selected from the group consisting of one or more indicator lights and a dashboard; checking a configuration of one or more items from a group consisting of a firewall, a network interface, virtual private networks, security credentials, communication ports, a user database, and a connectivity status to the external communication system; and determining whether the building controller is in a locked mode or an exposed mode based on whether or not the configuration of one or more items meets security criteria; and wherein: the building controller is in the exposed mode when a configuration of one or more items does not meet the security criteria; and wherein the building controller is in the locked mode when the configuration of one or more items meets the security criteria. 15. The method of claim 14 , wherein if a configuration of an item fails to meet the security criteria, then the item of the configuration is regarded as misconfigured. 16. The method of claim 14 , wherein the configuration of one or more items is monitored internally with one or more built-in, standalone algorithms, or monitored externally of one or more build-in cooperative algorithms in cooperation with of an external client or server. 17. The method of claim 14 , further comprising notifying an entity designated to assume responsibility to assure that the security criteria and policies are met when suspected break-in events are detected.