Print Security: Sharp Electronics MFPs first to achieve certification against common criteria

17 November 2017

Sharp Electronics should be proud this week.  They are the first printer manufacturer to be awarded certificates for full compliance with the broad range of print security evaluations, common criteria pulled together in version 1.0 of the "Protection Profile for Hardcopy Devices." 

The ranges of machine to receive this certificate are the MX-2630N, MX-3050N/3550N/4050N/5050N/6050N, and the MX-3070N/3570N/4070N/5070N/6070N.  To fully conform to the definitions in the standard, a firmware update may be required.
Other manufacturers have been rightly praised in consultancy reports for bringing very secure machines to market, and many of them are working to certify compliance with the same common criteria as Sharp has.  Several laboratories are authorized to award these certificates, notably the USA's National Information Assurance Partnership (NIAP) and Japan's International Technology Promotion Agency (IPA).  There are seven levels to attain, and Ricoh, Konica Minolta, Kyocera, HP Inc., Toshiba and Canon all have certified machines and others in testing for Evaluation Assurance Level 3+ and higher.  
DataMaster Lab will shortly be releasing our own analyses of MFP security. 

As usual, we take a cold look at what the technical specifications can actually deliver in the real world - and interpret these for you who are actively involved in explaining what this stuff actually means.  
So you can actually tell the difference between machines - and which features will be important in which business environments.
We divide print security into three areas:
User Control
Making a user authenticate themselves at the machine means they know they are tracked.  Most print-related crime will stop as a result.  Requiring someone to pull their print job down at the machine will stop the theft of sensitive documents left in the output tray.  Other abuses such as printing for personal use, and scanning or copying sensitive materials will not happen is the print user knows they are being tracked.
Content Protection
Slightly more active, more complicated and more expensive:  the range of soft- and hardware measures which protect and encrypt data held on a copier and its connexions, and which actually prevent copying or printing of specified sensitive materials.
Device Security
Doomsday hack scenarios: this is where the brands are competing right now.  This is the high end, technically speaking - but not necessarily super expensive.  Specific hardware, firmware and software on the device, coupled with alerting systems and monitoring is particularly important for printers which are isolated and/or connected to mobile users. 
Just saying this again:  DO NOT open up wifi on your printer And connect it to the same cabled network that your accounts department is connected to, just in case James Bond - or Christian Slater - is in the car park with his tablet. 
The Protection Profile for Hardcopy Devices includes testing procedures for anti-tampering as regards firmware, but not for BIOS nor for any systems to detect intrusions in runtime environments.  There is simply no way a serious standards organization can keep up with the pace of technical developments in areas such as these.
So, whilst certificates are important, realistic and recent reviews are more important.

Watch this space! 
DataMaster Labs Security Evaluations are coming soon!

Printer Benchmark : Print Security: Sharp Electronics MFPs first to achieve certification against common criteria

DMO in under 2 minutes

DMO is the Benchmark service for digital printing and document imaging.
From machines to software products we analyze, test and evaluate features and functions, usability, security, productivity, connectivity, flexibility, compatibility, and much more - all in real-world, business scenarios and in the context of this rapidly evolving market.
Totally independent, we provide you with an objective and critical view.

Test DMO Contact us

other news (48)

Search by Years Themes Tags
Preceding Next
We use cookies to enhance your experience on our website. By continuing to use our site, you are accepting the use of cookies as set out in our Personal data policy (see below).               Close X