U.S. Army best practices for secure network printing, scanning, and faxing. Developed by Nuance Document Imaging and RICOH USA
Table of contents

Introduction
    Objective
    Overview
    Background in U.S. Federal Government
    U.S. Army certification
Centralized management of document transfer
    Encrypted data transmission
    CAC authentication
    Centralized audit trail
Secure network printing
    CAC-enabled pull printing
    Print from CHCS
    Print from AHLTA
    Print redaction
    Rules-based printing
    Print metrics & reporting
Secure network scanning
    Scan to workflows
    Scan to user home folder
    Scan to department or command level folder
    Scan to email
    Scan to Microsoft SharePoint
    Scan to iPERMS
    Optical character recognition
    PDF password protection
    Scan content filter
    Scan content redaction
Secure network faxing
    Fax server integration
    Fax number validation and limitation
    User level common fax destinations
    Fax content filter
Introduction

Objective. The objective of this document is to provide the U.S. Army, Army National Guard, and Army Corps of Engineers with recommended best practices for secure document printing, scanning, and faxing on networked multifunction devices (MFDs). The best practices outlined in this document are based on years of experience that Ricoh USA, Inc. and Nuance have acquired by working closely with the U.S. Department of Defense (DOD) and other U.S. Federal Government organizations on many document solution implementations.

Overview. Ricoh, in partnership with Nuance, has developed a secure enterprise document distribution solution on the Nuance software platform to implement its best practices for secure MFD functions. The solution provides a secure method of managing document transfer to support information assurance (IA) policies and protect personally identifiable information (PII) on transmitted documents. The Nuance AutoStore platform with Nuance Output Manager(TM) centrally manages document printing, scanning, and faxing across an organization's network by connecting to Ricoh MFDs. This enables secure transmission of documents to and from users' workstations, content management systems, mainframe systems, and file systems.

Background in U.S. Federal Government. Ricoh has extensive experience in deploying the Nuance AutoStore platform throughout the U.S. Federal Government, enabling secure document capture and print on thousands of Ricoh MFDs and providing secure document capabilities to tens of thousands of users. The U.S. Army, U.S. Navy, U.S. Air Force, National Guard, Department of Veterans Affairs, and many other civilian agencies are all current users of the Nuance platform on Ricoh MFDs.

U.S. Army certification. The best practices outlined in this document are built with Nuance software and Ricoh CAC software, both of which have been certified by the U.S. Army. The Nuance AutoStore platform has been issued a U.S. Army Certificate of Networthiness (CoN) by the U.S. Army Network Enterprise Technology Command (NETCOM) [CoN certification number: 201315936; expiration date 8/9/2016]. The Ricoh MFD Common Access Card (CAC) Authentication Solution, which integrates with the Nuance AutoStore platform, has also been issued a CoN [CoN certification number: 201312117; expiration date 02/01/2016].
Centralized management of document transfer

When deploying a large fleet of MFDs, U.S. Army organizations must consider the management effort and security implications of providing network functions on each device. The Nuance server-based software acts as a centralized point of communication between Ricoh MFDs, users, and network scanning and faxing destinations. Network functions are fully configurable at the fleet and user levels, and can be enabled or disabled based on specific department-level or user-group requirements.

[Diagram: the Nuance server mediates between user desktop applications, multifunction devices (MFDs), document and content management systems, and file, fax and email services.]

Encrypted data transmission. Centralized management enables greater control of data transmission to and from MFDs. All jobs input (scan and network fax) and output (print) at the device are transmitted to and from the Nuance server over SSL-enabled HTTPS, in support of FIPS 140-2 compliance.

CAC authentication. Centralized management enables system administrators to require CAC authentication for specific end-user network functions at the MFD. With CAC authentication enabled, print release is associated with the authenticated user. Similarly, scanning and network faxing functionality at the MFD are controlled based on the CAC user. The solution sends an authentication request to Active Directory (AD) to validate the credentials. Once the user is authenticated, access to specific scanning functions can be set at the AD user/group level for additional operational security. Standard workflows, such as scanning to the user's home directory, are automatically customized based on the authenticated user's credentials.
When using the Ricoh MFD, the user is prompted to insert a CAC and enter a PIN before being able to access network functions. [Screenshot of the MFD login prompt not reproduced.]

Centralized audit trail. Nuance provides a full centralized audit trail of all documents printed, scanned, and faxed (via fax server) from the MFDs to support information assurance and provide data for reporting metrics. With centralized management, all of the data is in a central database, eliminating the need to collect data individually from MFDs. Reports can then be generated from the audit trail data.

Secure network printing

When organizations implement an overall data loss prevention (DLP) strategy, they must incorporate a solution for protecting content on printed documents as a measure to prevent spillage. The secure print capability of Nuance AutoStore with Output Manager captures user-initiated print jobs from PC workstations and allows only the specified user to release the print job from any Ricoh MFD on the network. Print jobs are held encrypted in a print queue on the Nuance Output Manager server until released by the user.

CAC-enabled pull printing. In support of Homeland Security Presidential Directive 12 (HSPD-12), the Nuance platform integrates seamlessly with the DOD CAC to enable single sign-on at the Ricoh MFD. This also provides a simple user experience and promotes user adoption. Print jobs can be released only after the user successfully authenticates with a PIV and PIN at the device. Additionally, since the print jobs are held in the queue on the server instead of on the hard drive of the MFD, the user has the ability to release them from any networked device.
This distributed capability gives the department a Follow-You print capability, utilizing machines based on location, service condition, and meeting place.

[Diagram: pull-print workflow. 1. User sends a print job to the printer. 2. Print job is placed into a virtual queue on the SecurePrint server. 3. User authenticates (login/password) at the device control panel. 4. The selected print job is released.]

The Nuance software platform provides:
- The ability to integrate with mainframe systems
- Integration with the Composite Health Care System (CHCS)
- Pull print capabilities for users of the Armed Forces Health Longitudinal Technology Application (AHLTA)
- A platform to create and manage print rules at the enterprise level

Print from CHCS. The Nuance platform provides the ability to integrate with mainframe systems. Therefore, the solution can integrate with the Composite Health Care System (CHCS) to extend the print capabilities of that system to the Ricoh MFD and CAC users, including pull printing at any network device. This function reduces dependency on dedicated printers for CHCS.

[Diagram: CHCS integration via Windows Server and Active Directory.]

Print from AHLTA. Similar to the CHCS integration, the Nuance platform provides pull print capabilities for users of the Armed Forces Health Longitudinal Technology Application (AHLTA) as well. By integrating with AHLTA Web Print, Nuance's Output Manager function can hold print jobs from Web Print in its centralized queue and enable users to release them from any networked Ricoh MFD.

Print redaction. Redacting sensitive content on physically printed documents is a necessary function for certain business processes within DOD. The Nuance platform can automate this process by analyzing print stream content for personally identifiable information (PII) and replacing it with other characters, for example, XXXXXXX.
Rules-based printing. Rules-based printing controls output and associated costs by analyzing print jobs before release, based on a set of established rules, to determine how they are printed. Organizations with established print security and cost policies can enforce these policies by implementing rules-based printing functionality. Nuance Output Manager provides a platform to create and manage print rules at the enterprise level. Rules can be established and enforced based on the user, the application printed from, and specific attributes of the print job itself, such as number of pages.

[Diagram: example rules for an Army user: B&W printing permitted; color printing not permitted; duplex forced on print jobs from email; notification when a page limit is exceeded.]

Print metrics & reporting. Detailed metrics on print output provide necessary insight into user print behavior and answer the common question, "what are our people actually printing?" To compile useful and actionable print analytics, detailed information on the content and origin of printed documents must be tracked, including (1) CAC user and Army department, (2) time and day printed, (3) application printed from, and (4) document name, page count, and file format. With a comprehensive dataset, stakeholders can identify printing trends at the user, department, and enterprise level. The Nuance Output Manager platform collects exhaustive, detailed data on print activity and provides a robust set of out-of-the-box reports on an organization's print environment.
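As an added illustration (not Nuance's or Ricoh's code; the paper does not show Output Manager's rule format), the Python below evaluates the example rules for an Army user against a held print job before release. The group name Color-Print, the email client names, and the 50-page limit are assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class PrintJob:
    user: str
    groups: tuple        # AD group memberships of the CAC-authenticated user
    application: str     # application the job was printed from, e.g. "Outlook"
    pages: int
    color: bool          # job requests color output
    duplex: bool         # duplex as set in the print driver


@dataclass
class Decision:
    allowed: bool = True
    duplex: bool = False
    reasons: list = field(default_factory=list)
    notifications: list = field(default_factory=list)


# Each rule inspects the job and updates the decision; rules run in order.
def color_only_for_entitled_groups(job: PrintJob, d: Decision) -> None:
    """B&W is always permitted; color requires the (assumed) Color-Print group."""
    if job.color and "Color-Print" not in job.groups:
        d.allowed = False
        d.reasons.append("color printing not permitted for this user")


def force_duplex_for_email(job: PrintJob, d: Decision) -> None:
    """Jobs from email clients are forced to duplex regardless of driver setting."""
    if job.application.lower() in ("outlook", "webmail"):   # assumed client names
        d.duplex = True


def page_limit_notification(job: PrintJob, d: Decision, limit: int = 50) -> None:
    """Jobs over the (assumed) page limit still print, but trigger a notification."""
    if job.pages > limit:
        d.notifications.append(
            f"{job.user}: {job.pages}-page job from {job.application} exceeds {limit} pages")


RULES = (color_only_for_entitled_groups, force_duplex_for_email, page_limit_notification)


def evaluate(job: PrintJob, rules=RULES) -> Decision:
    """Apply every enterprise rule to a held job before it is released at the MFD."""
    decision = Decision(duplex=job.duplex)
    for rule in rules:
        rule(job, decision)
    return decision
```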
Secure network scanning

Scan to workflows. The Nuance AutoStore interface at the Ricoh MFD provides an intuitive, simple-to-use experience. After CAC authentication, users are presented with large, easy-to-select buttons for the scan workflows to which they have access. The screenshot (not reproduced here) shows the user interface when only one scan workflow, in this case Scan to Me (i.e., the user's home directory), is enabled, or when the authenticated user has access only to this function.

Scan to user home folder. The Scan to User Home Folder option allows users to scan documents directly back to their individual home folder. To identify the home folder, AutoStore queries AD/LDAP for the Home Directory attribute, or it can be configured to build the folder path dynamically from a defined server path and the authenticated user name (e.g., \\homedirectoryserver\username). This capability can be configured either to prompt the user for a file name or to populate the file name automatically based on a rule (e.g., username_datestamp.pdf).
Scan to department or command level folder. The Scan to Department or Command Level Folder function allows users to scan documents directly to a team shared folder. This capability can be configured either to prompt the user for a file name or to populate the file name automatically based on a rule (e.g., username_datestamp.pdf).

Scan to email. The Scan to Email function allows users to scan documents to an email address through an outgoing SMTP mail server. Email address search can be enabled through an LDAP lookup, and a "scan to my email" function can also be enabled through the CAC authentication integration. To minimize traffic on the mail server and to minimize documents stored in mail inboxes and outboxes, it is not recommended to attach scanned documents to the outbound email. Instead, a notification email can be sent to the user or recipient with a hyperlink to the document stored on the network. Unauthorized users will not be able to access the document through the link in the email.

Scan to Microsoft SharePoint. The Scan to Microsoft SharePoint function allows users to scan documents directly to SharePoint libraries. Access to specific libraries as scan destinations can be controlled at the user and group level. Additionally, the user can set SharePoint permissions and enter SharePoint index fields (e.g., document type) at the time of scan. This option is compatible with SharePoint 2003, 2007, 2010, and 2013. A simple one-touch SharePoint scanning function can also be enabled for CAC users to scan directly back to their SharePoint My Site.
Scan to iPERMS. In support of Soldier Readiness Processing (SRP), the Scan to iPERMS function allows authorized users to scan soldier record documents directly into the Interactive Personnel Electronic Records Management System (iPERMS) validation queue, in compliance with U.S. Army Human Resources Command (HRC) policy and guidelines. The authorized user is prompted to index the document at the time of scan, including Soldier SSN, Document Type, and Effective Date. The data entered by the user can be validated in real time before the scanned document is sent to the validation queue.

Optical character recognition. With optical character recognition (OCR) enabled, scan jobs can be converted into text-searchable PDF or PDF/A format. Conversion to text-searchable documents is critical for keyword searching and information sharing once the scanned files are stored electronically. Unsearchable image-based files are automatically converted into a text format that can be easily searched and retrieved. Optionally, the OCR engine can be set to convert to other text formats, including Microsoft Word and Microsoft Excel.

[Diagram: a TIFF scan is converted by OCR to PDF, Word, or Excel.]

PDF password protection. With PDF password protection enabled, the user is prompted to secure the scanned document by entering a password at the time of scan. After the document has been routed to its destination, it cannot be opened without entering the password.

Scan content filter. With the scan content filter enabled, the AutoStore server can intercept outbound scanned documents that contain personally identifiable information (PII) or other confidential content and prevent the document from leaving the U.S. Army network. When the content filter is triggered, AutoStore can be set to notify users, security officers, and administrators automatically.
Scan content redaction. Documents can be redacted to remove fields and words in an automated batch mode. Content can include personal information such as Social Security numbers (SSN), dates of birth, or specific key words or phrases from a configurable list. AutoStore can then output the original and the redacted documents to different locations.

Secure network faxing

Nuance AutoStore provides:
- Secure outbound faxing.
- Fax number validation.
- A dropdown list of the commonly used fax destinations for the authenticated user, preventing mistyped fax destinations.
- A fax content filter, intercepting outbound faxes that contain personally identifiable information (PII).

Fax server integration. Nuance AutoStore enables secure outbound faxing from Ricoh MFDs through integrations with fax server platforms including RightFax, Cleo Streem Fax Server, and other fax server applications that support XML and SMTP import methods.

[Diagram: document sources (Ricoh MFDs, network scanners, desktop applications and scanners, smartphones and tablets, VistA and CPRS, and DOC/PPT/PDF/XLS files) feed the network fax server through AutoStore.]
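The scan content filter and scan content redaction described in the scanning section, and the fax content filter described under Secure network faxing, share one mechanism: detect PII or listed phrases in the document text, mask the hits with same-length characters, block the job, and notify. The Python below is an added illustration of that mechanism, not AutoStore's code; the SSN and date-of-birth patterns, the keyword list, the routing paths, and the sample OCR text are all constructed.

```python
import re
from dataclasses import dataclass

# Constructed, configurable list of sensitive phrases (assumed, not from the paper).
KEYWORDS = ("PRIVACY ACT", "FOR OFFICIAL USE ONLY")
SSN_RE = re.compile(r"\b(\d{3})[- ]?(\d{2})[- ]?(\d{4})\b")
DOB_RE = re.compile(r"\b(?:DOB|date of birth)\s*[:#]?\s*(\d{1,2}/\d{1,2}/\d{4})\b", re.I)

def is_plausible_ssn(area: str, group: str, serial: str) -> bool:
    """Reject impossible SSNs (area 000/666/9xx, zero group/serial) to cut false positives."""
    a = int(area)
    return a not in (0, 666) and a < 900 and int(group) != 0 and int(serial) != 0

@dataclass(frozen=True)
class Finding:
    kind: str   # "SSN", "DOB" or "KEYWORD"
    start: int
    end: int

def scan_text(text: str, keywords=KEYWORDS) -> list:
    """Return every PII hit with its character span, sorted by position."""
    hits = []
    for m in SSN_RE.finditer(text):
        if is_plausible_ssn(*m.groups()):
            hits.append(Finding("SSN", *m.span()))
    for m in DOB_RE.finditer(text):
        hits.append(Finding("DOB", *m.span(1)))   # mask the date, keep the label
    for kw in keywords:
        for m in re.finditer(re.escape(kw), text, re.I):
            hits.append(Finding("KEYWORD", *m.span()))
    return sorted(hits, key=lambda f: f.start)

def redact(text: str, hits: list, mask: str = "X") -> str:
    """Same-length mask run per hit (e.g. XXXXXXX) keeps the page layout intact."""
    chars = list(text)
    for f in hits:
        chars[f.start:f.end] = mask * (f.end - f.start)
    return "".join(chars)

def filter_job(text: str, owner: str) -> dict:
    """Block and notify when PII is present; route original and redacted copies apart."""
    hits = scan_text(text)
    routes = ({"original": r"\\quarantine\originals", "redacted": r"\\share\redacted"}  # hypothetical
              if hits else {"original": r"\\share\outbound"})
    return {"blocked": bool(hits), "kinds": sorted({f.kind for f in hits}),
            "routes": routes, "redacted": redact(text, hits),
            "notify": [owner, "security-officer", "administrator"] if hits else []}

# Constructed sample of OCR output; not real records.
SAMPLE = ("PRIVACY ACT statement. SSN: 123-45-6789, DOB: 01/02/1980. "
          "Phone 555-123-4567. Lot 000-12-3456.")
```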
Fax number validation and limitation. Fax number validation and limitation can prevent mistyped fax destinations. With validation enabled, the fax number entered by the user is validated against a database table of valid fax numbers. With limitation enabled, the user is presented with a dropdown list of fax numbers so that manual keying is eliminated. For example, a Fax to HR option with limitation enabled will prompt the user to select from a dropdown of HR fax numbers/personnel.

User level common fax destinations. With the common fax destination option enabled, the authenticated user is presented with a dropdown list of commonly used fax destinations. This option can be configured to display the last 5-10 fax numbers used, or the 5-10 most frequently used fax numbers, for an individual user. The option helps prevent mistyped fax destinations.

Fax content filter. With the fax content filter enabled, the AutoStore server can intercept outbound faxes that contain personally identifiable information (PII) or other confidential content and prevent the fax from leaving the U.S. Army network. When the content filter is triggered, AutoStore can be set to notify users, security officers, and administrators automatically.

About Nuance Communications, Inc.

Nuance Communications is reinventing the relationship between people and technology. Through its voice and language offerings, the company is creating a more human conversation with the many systems, devices, electronics, apps and services around us. Every day, millions of people and thousands of businesses experience Nuance through intelligent systems that can listen, understand, learn and adapt to your life and your work. For more information, please visit nuance.com.

Copyright 2014 Nuance Communications, Inc. All rights reserved. Nuance, and the Nuance logo, are trademarks and/or registered trademarks of Nuance Communications, Inc. or its affiliates in the United States and/or other countries. All other brand and product names are trademarks or registered trademarks of their respective companies. HC-54 NOV 2014