Minimum Standards for Multi-function Devices
Multi-function Devices – Printers/Faxes/Scanners
|Preparation and Installation||If machine is a new install, protect it from hostile network traffic, until the operating system is installed and hardened.||1||*|
|Disable all protocols other than IP if they are not being utilized.||2||*|
|Disable Universal Plug and Play – UPnP|
|Assign the MFP a static IP address and DNS configuration.||3||*|
|Disable unused bluetooth interfaces|
|Disable unused wireless interfaces on the device.|
|Restrict printing/copying/faxing/scanning to the minimum number of subnets practical for the device to function for its group of users.||*|
|Use secure communications protocols.||4||*|
|Disable SNMP if not used||*||**|
|Ensure the MFD maintains its configuration state after power-down or reboot. If a full reset is performed, ensure that a process is in place to reconfigure the MFD back to its production state.||*|
|Disable unneeded management protocols.||5||*|
|Upgrade to patched firmware expediently, in a manner consistent with change control processes.||*||**|
|Utilize automated patching notification, if available.||6||*|
|Devices must be regularly scanned for vulnerabilities and remediations managed in accordance with UNTHSC Software Patch and Vulnerability Management Standards|
|Only allow specific, trusted subnets or hosts to manage the MFD.||*|
|Limit print/copy/fax/scan services to required protocols.||7||*|
|If hard disk functionality is enabled, configure the MFD to remove spooled files, images, and other temporary data using a secure overwrite between jobs.||8||*|
|Ensure that the MFD provides secure storage for Category I data such as HIPAA, FERPA, CUI, etc.||9||*|
Require PIN for Confidential Job Retrieval
|Accept Jobs from only authorized spoolers and users||**|
|Ensure that logging is enabled on MFDs.||10||*|
|Logs are reviewed on a regular basis.||*|
|Logs follow data retention policies.||*|
|Physically secure the MFD in areas with restricted access.||11||*|
|Lock and prevent access to the hard disk.||12||*|
|Ensure that only printer administrators can modify the global configuration from the console by requiring a password.||*|
|Ensure that sensitive data is disposed of at device end-of-life.||13||*|
|Require PIN for Administrative Control Panel||**|
Verify configuration state after power loss.
If other alternatives are unavailable, this can be accomplished by installing a router or firewall in between the network and the host to be protected. Performing as much of the configuration as possible while the MFD is not plugged into the network is another alternative.
|2||Some printers support non-IP based protocols for compatibility with legacy systems. These might include AppleTalk and IPX/SPX. These protocols are more difficult to monitor and secure, and should be disabled if they are not being used.|
|3||Giving MFDs static IP addresses or DHCP reservations makes it easier to monitor them and apply access lists on hardware-based firewalls. Consider placing sensitive MFDs on their own VLAN, which may make them easier to identify and secure. It is also strongly advised to give MFDs campus-routed RFC 1918 addresses, so that they are not accessible from the Internet. It is rare that an MFD needs to be accessed from off-campus, and a VPN can be used in those instances.|
|4||Examples of ways to provide secure communications:
Rather than printing directly over the Internet, restrict printing to a select group of trusted campus subnets and use the VPN to print over the Internet.
|5||Examples of management protocols that can possibly be disabled:
|6||MFD upgrades are often manual processes. Patch update notifications might include e-mails from the manufacturer or leasing company. Security configuration should be validated after patching and vendor maintenance.|
|7||Examples of possible protocols:
SMTP: This is often used for scanning and faxing, and can often be disabled
|8||Some MFDs may include the ability to securely erase job-related files in between jobs. Others might require an optional security kit from the manufacturer|
|9||Some ways to provide secure storage on MFDs:
Some MFDs support encrypted storage, either natively or with the addition of a security kit. If this option is available, consider using it.
Print spoolers typically contain functionality to log all submitted requests. It is recommended that these facilities be enabled on the print spooler, logging levels be set to ensure adequate details are preserved, and logs be reviewed.
When a security event occurs, spooler access logs may provide investigators with information necessary to determine the extent and origin of the event.
|10||The level of confidentiality required dictates how MFDs are physically placed. Examples might include:
When a vendor is working on the MFD, the vendor’s work is monitored to ensure that security measures are not removed during the course of troubleshooting. If they are removed, they must be put back in place.
Refer to the UNTHSC Standards for Data Security and Information Ownership (Draft) for more information.
|11||If the MFD has a removable hard drive option, then ensure that the drive is locked into the device.|
|12||For those devices that are not under a specific lease/contract which specifies special handling of the hard drives, follow the UNTHSC Disposal of Information Resources -Draft.|