
Focus on Security

Xerox and the P2600 Hardcopy Device and System Security Working Group

Table of Contents

Introduction

What The Working Group Provides

The Xerox Role

What This Means To Xerox Customers

When Are You Finished?

March 24, 2010

Xerox Engineering Services Xerox Corporation

Copyright 2010 Xerox Corporation

Copyright protection claimed includes all forms and matters of copyrighted material and information now allowed by statutory or judicial law or hereinafter granted, including without limitation, material generated from the software programs that are displayed on the screen such as styles, templates, icons, screen displays, looks, etc.

XEROX® and all Xerox product names and product numbers mentioned in this publication are trademarks of XEROX CORPORATION. All non-Xerox brands and product names may be trademarks or registered trademarks of the respective companies, and are hereby acknowledged.


Introduction

The Institute of Electrical and Electronics Engineers created the P2600: Hardcopy Device and System Security Working Group in 2004 to develop security standards. The focus of the Working Group is to identify and document security issues and threats, and then provide recommendations to manufacturers on how to mitigate these security risks.

The goals of this activity are to:

• Define security requirements that include all aspects of security for manufacturers, users and others on the selection, installation, configuration and usage of hardcopy devices and systems including printers, copiers, and multifunction devices and the computer systems that support these.

• Identify security exposures of hardcopy devices and systems and instruct manufacturers and software developers on appropriate security capabilities to include in their devices and systems and instruct users on appropriate ways to use these security capabilities.

What The Working Group Provides

The aspects of hardcopy device security that are covered in the standard are:

• Authentication

• Authorization

• Physical Security

• Device Management

• Information Security

• Integrity

• Privacy

• Auditing / Monitoring

• Network Security

For each of the areas covered, the applicable threats and proposed mitigation strategies oriented towards both device manufacturers and IT professionals are documented in detail by the IEEE Std 2600™-2008 Hardcopy Device and System Security Standard (https://www.ieee.org). The standard also defines the general set of security features that any hardcopy device must have to comply with the standard.

The working group also created a separate IEEE Protection Profile standard for each of the four operational environments defined in IEEE Std 2600. These four Protection Profile standards provide the set of minimum security requirements that a hardcopy device such as a printer or a multi-function device must conform with in order to become Common Criteria certified in one of the four operational environments.

The P2600 Working Group completed its planned standard development activity in February 2010. Maintenance of the standards developed by the P2600 Working Group will continue under the auspices of the IEEE Standards Board.

Xerox and the P2600 Working Group

Xerox has been involved in the support of the P2600 Working Group since it started.


The Xerox Role

Xerox has been involved with the P2600 Working Group since its initial meetings in February 2004.

Xerox recognized the security focus of the standards being created by the P2600 Working Group, and therefore deemed it critical to participate in this Working Group. This is one of many standards groups to which Xerox belongs. By participating in the P2600 Working Group, Xerox is leading the community of security practitioners and hardcopy device manufacturers as a whole to put the security issues associated with hardcopy devices in the forefront for both technical staff and customers. It is only through cooperative industry-wide efforts of this type that printers, copiers, and multi-function devices will be able to keep sensitive company and personal data secure.

Xerox has worked hard to comply with the requirements detailed by the IEEE 2600 set of standards. Conforming with the standards as they exist and staying connected to follow their evolution keeps Xerox products out in front when it comes to security issues.

What This Means To Xerox Customers

Through its participation in the P2600 Working Group and the constant monitoring of vulnerabilities through the various sources such as US-CERT, Microsoft Security Bulletins, Sun Microsystems Alerts, and Secunia, Xerox keeps pace with security issues as they happen and can alert our product delivery teams so action can be taken.

Xerox’s participation in the P2600 Working Group also means that its newest printers, copiers, and multi-function devices will be designed from the beginning to have the necessary security features and security capabilities so that they fully conform to the IEEE 2600 set of standards once the devices are properly configured.

Once a product is launched, Xerox has implemented a security patch management process that makes sure devices in the field are given security patches or new software releases in a timely manner to continually ensure our devices counter the latest security threats.

Taken together, customers can be assured that the newest Xerox hardcopy devices will meet current industry standards for security and will continuously mitigate applicable threats and vulnerabilities.

When Are You Finished?

A trick question for sure. As new exploits and vulnerabilities are being found and documented almost daily, it has become a full-time job to perform the necessary analysis of the latest vulnerabilities and then prepare methods to combat or mitigate them.

Organizations such as US-CERT publish lists of vulnerabilities each week. Our Xerox CERT Response Team reviews this list as well as lists from other security bug tracking sources for any issues that might affect Xerox products.

Even though the working group has provided Protection Profiles that we use during the product design process, to answer the “When Are You Finished?” question: we’re never finished.


Detailed evaluation of your security environment will help you create solutions that secure your data and your workflows.


NOTICE: DISCLAIMER

THIS INFORMATION IS PROVIDED FOR INFORMATION PURPOSES ONLY. XEROX CORPORATION MAKES NO CLAIMS, PROMISES OR GUARANTEES ABOUT THE ACCURACY, COMPLETENESS, OR ADEQUACY OF THE INFORMATION CONTAINED IN THIS WHITE PAPER AND DISCLAIMS ALL LIABILITY CONCERNING THE INFORMATION AND/OR THE CONSEQUENCES OF ACTING ON ANY SUCH INFORMATION. PERFORMANCE OF THE PRODUCTS REFERENCED HEREIN IS EXCLUSIVELY SUBJECT TO THE APPLICABLE XEROX CORPORATION TERMS AND CONDITIONS OF SALE, LICENSE AND/OR LEASE. NOTHING STATED IN THIS WHITE PAPER CONSTITUTES THE ESTABLISHMENT OF ANY ADDITIONAL AGREEMENT OR BINDING OBLIGATIONS BETWEEN XEROX CORPORATION AND ANY THIRD PARTY.
