Information Technology: Hardcopy Device and System Security
|Publication Date:||27 March 2008|
This standard defines security requirements (all aspects of security including but not limited to authentication, authorization, privacy, integrity, device management, physical security and information security) for manufacturers, users, and others on the selection, installation, configuration and usage of hardcopy devices (HCDs) and systems; including printers, copiers, and multifunction devices (MFDs). This standard identifies security exposures for these HCDs and systems, and instructs manufacturers and software developers on appropriate security capabilities to include in their devices and systems, and instructs users on appropriate ways to use these security capabilities.
In today's information technology (IT) environment, significant time and effort are being spent on security for workstations and servers. However, today's HCDs (printers, copiers, MFDs, etc.) are connected to the same local area networks (LANs) and contain many of the same communications, processing and storage components, and are subject to many of the same security problems as workstations and servers. At this time, there are no standards to guide manufacturers or users of HCDs in the secure installation, configuration, or usage of these devices and systems.
The purpose of this document is to serve as such a standard and its goals are:
a) To provide guidance in the secure architecture, design, and out-of-box configuration of HCDs for manufacturers;
b) To provide guidance in the secure installation, configuration, and use of HCDs for end users and their supporting organizations.