SECURITY FOR MFD's AND PRINTERS
20 June 19
Comtech's efforts towards MFD and printer security:
Comtech recognises the importance of assuring information security in MFDs and printers in the customer's environment, and informs the customers of its importance.
Comtech's first priority is to securely protect the customer's information assets. We are taking necessary actions on numerous printer security measures to protect the customer's information assets against threats that are increasingly sophisticated and diverse. While constantly working to enhance the usability of the MFDs and printers, Comtech is simultaneously striving to maintain and improve the high levels of security on the MFDs and printers, corresponding to each customer's working environment.
Comtech understands the importance of open communication with and feedback from customers on security questions and concerns about our products and we will promptly reply to all customer inquiries.
Comtech is putting strong and focused effort into developing secure print functions that will provide more security when using MFDs and Printers. We are also developing MFDs that comply with the Common Criteria international security standard (ISO/IEC 15408) so that customers will be able to use our products with ease. Comtech products will be certified under IEEE 2600.1, which is an international security standard for hard copy devices enacted in 2009. In addition, the Federal Information Processing Standard, FIPS 140-2 certified hard drive is available for some models for sensitive data protection. KYOCERA will continuously drive further improvements in security enhancement as standards develop or new technologies evolve to protect the devices.
Information security that must be assured in MFDs and printers
Information security is to protect information assets such as printed documents, address books and the like, against information leaks, data alteration and denial of service attacks, and other such threats while maintaining the three security attributes (CIA) : Confidentiality, Integrity and Availability.
Comtech develops MFDs and printers while having awareness of the three security attributes (CIA) in order for customers to securely use their products.
Confidentiality means that only persons who are authorized to access information assets can access and use these information assets. To maintain Confidentiality, we must prevent unauthorised access to information assets. For example, identification and authentication functions on MFDs and printers, enable appropriate access control to prevent unauthorised disclosure of customer's information assets on MFDs and printers.
Integrity means that information assets must be accurate and correct. To maintain Integrity, information assets must be protected against unauthorised alteration by a malicious third party. For example, the usage of encryption functionality helps ensure data protection and prevents alteration of information assets on MFDs and printers.
Availability means that information assets must be accessible when authorized users need to access them; while maintaining Confidentiality and Integrity. To maintain Availability, information assets must be available at the exact timing when an authorized user wishes to use it. For example, the usage of the interface block function and the like, restricting access to devices via a network, help protect interfaces from denial of service attacks to MFDs and printers.
Product Lifestyle Security:
Comtech believes that security measures are necessary throughout to the product lifecycle from the time of device installation and operation through decommission.
In the Installation phase, passwords and usage restrictions can be set. In the Operation phase, access control, stored data protection and audit logs, security updates and the like are performed to support secure usage of the products. In the Decommission phase, initialization and internal data sanitization can be performed to prevent malicious parties from taking data from the device after disposal.
Product Development Lifestyle Security:
Comtech implements appropriate security countermeasures with respect to the different phases in the product development lifecycle of planning, development, evaluation, production and sales.
In the planning phase, we continuously check for the newest security trends and vulnerability information. We extract and analyse security requirements based on customer's security requests so that we will be able to incorporate them in our new models and solve any issues in an early stage.
In the development phase, we develop security functions for customers to use Comtech products in a more secure way. We strictly check potential vulnerabilities to ensure we do not embed these known items.
In the evaluation phase, our products are not only passed through internal evaluation, but also through objective security evaluations by third-party laboratories.
In the production phase, we establish a secure environment and ensure secure production by strictly following an operation process manual that enables us to perform precise operations.
Even after sales, we strive to respond promptly to any security concerns from the market.
Furthermore, Comtech is working to ensure products comply with the Common Criteria international security standard certification (known as ISO/IEC15408) that is granted when a third-party laboratory objectively determines that security functions on the products have gone through the comprehensive and rigorous process of planning, development, evaluation, production and sales phase, and then function correctly at the customer's site.