Focus on Security Xerox and the P2600 Hardcopy Device and System Security Working Group




Table of Contents

- Introduction
- What The Working Group Provides
- The Xerox Role
- What This Means To Xerox Customers
- When Are You Finished?

March 24, 2010
Xerox Engineering Services
Xerox Corporation

Copyright 2010 Xerox Corporation

Copyright protection claimed includes all forms and matters of copyrighted material and information now allowed by statutory or judicial law or hereinafter granted, including without limitation, material generated from the software programs that are displayed on the screen such as styles, templates, icons, screen displays, looks, etc. XEROX and all Xerox product names and product numbers mentioned in this publication are trademarks of XEROX CORPORATION. All non-Xerox brands and product names may be trademarks or registered trademarks of the respective companies, and are hereby acknowledged. Product appearance, build status and/or specifications are subject to change without notice.


Introduction

The Institute of Electrical and Electronics Engineers created the P2600: Hardcopy Device and System Security Working Group in 2004 to develop security standards. The focus of the Working Group is to identify and document security issues and threats, and then provide recommendations to manufacturers on how to mitigate these security risks. The goals of this activity are to:

- Define security requirements that include all aspects of security for manufacturers, users and others on the selection, installation, configuration and usage of hardcopy devices and systems including printers, copiers, and multifunction devices and the computer systems that support these.
- Identify security exposures of hardcopy devices and systems and instruct manufacturers and software developers on appropriate security capabilities to include in their devices and systems and instruct users on appropriate ways to use these security capabilities.

What The Working Group Provides

The aspects of hardcopy device security that are covered in the standard are:

- Authentication
- Authorization
- Physical Security
- Device Management
- Information Security
- Integrity
- Privacy
- Auditing / Monitoring
- Network Security

Xerox has been involved in the support of the P2600 Working Group since it started. For each of the areas covered, the applicable threats and proposed mitigation strategies oriented towards both device manufacturers and IT professionals are documented in detail by the IEEE Std 2600-2008 Hardcopy Device and System Security Standard (https://www.ieee.org). The standard also defines the general set of security features that any hardcopy device must have to comply with the standard.

The working group also created a separate IEEE Protection Profile standard for each of the four operational environments defined in IEEE Std 2600. These four Protection Profile standards provide the set of minimum security requirements that a hardcopy device such as a printer or a multi-function device must conform with in order to become Common Criteria certified in one of the four operational environments.

The P2600 Working Group completed its planned standard development activity in February 2010. Maintenance of the standards developed by the P2600 Working Group will continue under the auspices of the IEEE Standards Board.

The Xerox Role

Xerox has been involved with the P2600 Working Group since its initial meetings in February 2004. Xerox recognized the security focus of the standards being created by the P2600 Working Group, and therefore deemed it critical to participate in this Working Group. This is one of many standards groups to which Xerox belongs.

By participating in the P2600 Working Group, Xerox is leading the community of security practitioners and hardcopy device manufacturers as a whole to put the security issues associated with hardcopy devices in the forefront for both technical staff and customers. It is only through cooperative industry-wide efforts of this type that printers, copiers, and multi-function devices will be able to keep sensitive company and personal data secure.

Xerox has worked hard to comply with the requirements detailed by the IEEE 2600 set of standards. Conforming with the standards as they exist and staying connected to follow their evolution keeps Xerox products out in front when it comes to security issues.

What This Means To Xerox Customers

Through its participation in the P2600 Working Group and the constant monitoring of vulnerabilities through the various sources such as US-CERT, Microsoft Security Bulletins, Sun Microsystems Alerts, and Secunia, Xerox keeps pace with security issues as they happen and can alert our product delivery teams so action can be taken.

Xerox's participation in the P2600 Working Group also means that its newest printers, copiers, and multi-function devices will be designed from the beginning to have the necessary security features and security capabilities so that they fully conform to the IEEE 2600 set of standards once the devices are properly configured.

Once a product is launched, Xerox has implemented a security patch management process that makes sure devices in the field are given security patches or new software releases in a timely manner to continually ensure our devices counter the latest security threats.

Taken together, customers can be assured that the newest Xerox hardcopy devices will meet current industry standards for security and will continuously mitigate applicable threats and vulnerabilities.

When Are You Finished?

A trick question for sure. As new exploits and vulnerabilities are being found and documented almost daily, it has become a full-time job to perform the necessary analysis of the latest vulnerabilities and then prepare methods to combat or mitigate them. Organizations such as US-CERT publish lists of vulnerabilities each week. Our Xerox CERT Response Team reviews this list as well as lists from other security bug tracking sources for any issues that might affect Xerox products.

Even though the working group has provided Protection Profiles that we use during the product design process, to answer the "When Are You Finished?" question - we're never finished. Detailed evaluation of your security environment will help you create solutions that secure your data and your workflows.

NOTICE: DISCLAIMER

THIS INFORMATION IS PROVIDED FOR INFORMATION PURPOSES ONLY. XEROX CORPORATION MAKES NO CLAIMS, PROMISES OR GUARANTEES ABOUT THE ACCURACY, COMPLETENESS, OR ADEQUACY OF THE INFORMATION CONTAINED IN THIS WHITE PAPER AND DISCLAIMS ALL LIABILITY CONCERNING THE INFORMATION AND/OR THE CONSEQUENCES OF ACTING ON ANY SUCH INFORMATION. PERFORMANCE OF THE PRODUCTS REFERENCED HEREIN IS EXCLUSIVELY SUBJECT TO THE APPLICABLE XEROX CORPORATION TERMS AND CONDITIONS OF SALE, LICENSE AND/OR LEASE. NOTHING STATED IN THIS WHITE PAPER CONSTITUTES THE ESTABLISHMENT OF ANY ADDITIONAL AGREEMENT OR BINDING OBLIGATIONS BETWEEN XEROX CORPORATION AND ANY THIRD PARTY.