Monday 19 August 2019
News
archives

Print Security: Sharp Electronics MFPs first to achieve certification against common criteria   17 November 2017   


Sharp Electronics should be proud this week.  They are the first printer manufacturer to be awarded certificates for full compliance with the broad range of print security evaluations, common criteria pulled together in version 1.0 of the "Protection Profile for Hardcopy Devices." 

The ranges of machine to receive this certificate are the MX-2630N, MX-3050N/3550N/4050N/5050N/6050N, and the MX-3070N/3570N/4070N/5070N/6070N.  To fully conform to the definitions in the standard, a firmware update may be required.
 
Other manufacturers have been rightly praised in consultancy reports for bringing very secure machines to market, and many of them are working to certify compliance with the same common criteria as Sharp has.  Several laboratories are authorized to award these certificates, notably the USA's National Information Assurance Partnership (NIAP) and Japan's International Technology Promotion Agency (IPA).  There are seven levels to attain, and Ricoh, Konica Minolta, Kyocera, HP Inc., Toshiba and Canon all have certified machines and others in testing for Evaluation Assurance Level 3+ and higher.  
 
DataMaster Lab will shortly be releasing our own analyses of MFP security. 

As usual, we take a cold look at what the technical specifications can actually deliver in the real world - and interpret these for you who are actively involved in explaining what this stuff actually means.  
So you can actually tell the difference between machines - and which features will be important in which business environments.
 
We divide print security into three areas:
 
User Control
Making a user authenticate themselves at the machine means they know they are tracked.  Most print-related crime will stop as a result.  Requiring someone to pull their print job down at the machine will stop the theft of sensitive documents left in the output tray.  Other abuses such as printing for personal use, and scanning or copying sensitive materials will not happen is the print user knows they are being tracked.
 
Content Protection
Slightly more active, more complicated and more expensive:  the range of soft- and hardware measures which protect and encrypt data held on a copier and its connexions, and which actually prevent copying or printing of specified sensitive materials.
 
Device Security
Doomsday hack scenarios: this is where the brands are competing right now.  This is the high end, technically speaking - but not necessarily super expensive.  Specific hardware, firmware and software on the device, coupled with alerting systems and monitoring is particularly important for printers which are isolated and/or connected to mobile users. 
Just saying this again:  DO NOT open up wifi on your printer And connect it to the same cabled network that your accounts department is connected to, just in case James Bond - or Christian Slater - is in the car park with his tablet. 
 
The Protection Profile for Hardcopy Devices includes testing procedures for anti-tampering as regards firmware, but not for BIOS nor for any systems to detect intrusions in runtime environments.  There is simply no way a serious standards organization can keep up with the pace of technical developments in areas such as these.
 
So, whilst certificates are important, realistic and recent reviews are more important.

Watch this space! 
DataMaster Labs Security Evaluations are coming soon!




Datamaster Online (DMO) is a benchmarking portal: competitive information, analyses, evaluations, comparison tools, technical data, product strengths and weaknesses, TCO ... and much more.  An independent test lab.
To find out about DMO


22 Jul 2019  

09 Jul 2019  

09 Jul 2019  

09 Jul 2019  

09 Jul 2019  

09 Jul 2019  

05 Jul 2019  

04 Jul 2019  

04 Jul 2019  

02 Jul 2019  

18 Jun 2019  

07 Jun 2019  

23 Apr 2019  

19 Apr 2019  

17 Apr 2019  

08 Apr 2019  

28 Mar 2019  

27 Mar 2019  

20 Mar 2019  

13 Mar 2019  

01 Mar 2019  

13 Feb 2019  

05 Feb 2019  

04 Feb 2019  

01 Feb 2019  

01 Feb 2019  

28 Jan 2019  

22 Jan 2019  

14 Jan 2019  

02 Jan 2019  

List of linked news items, pages : 1    2    3    4    5    6    7    8    9    10    11    12    13    14    15    16    17    18    19    20   

access the Subscriber area

News structure
LinkedinTwitterViadeo
structure