
IEEE 2600-2008 en Information Technology Hardcopy Device and System Security (IEEE Computer Society).pdf

IEEE Std 2600-2008
IEEE Standard for Information Technology: Hardcopy Device and System Security

IEEE Computer Society
Sponsored by the Information Assurance Committee

IEEE, 3 Park Avenue, New York, NY 10016-5997, USA
30 June 2008

Sponsor: Information Assurance Committee of the IEEE Computer Society

Approved 27 March 2008, IEEE-SA Standards Board

The following companies have agreed to make financial contributions to underwrite the cost of Common Criteria certification of some or all of the IEEE Std 2600-series Protection Profiles: Canon Inc.; Fuji Xerox; The Hewlett-Packard Company; InfoPrint Solutions Company; Konica Minolta; Kyocera Mita Corporation; Lexmark International, Inc.; Océ; Oki Printing Solutions; Ricoh Company, Ltd.; Samsung Electronics Co., Ltd.; Sharp Corporation; Toshiba TEC Corporation; Xerox Corporation

Abstract: This standard defines security requirements (all aspects of security including but not limited to authentication, authorization, privacy, integrity, device management, physical security, and information security) for manufacturers, users, and others on the selection, installation, configuration, and usage of hardcopy devices (HCDs) and systems, including printers, copiers, and multifunction devices (MFDs), and the computer systems that support these devices. This standard identifies security exposures for these HCDs and systems, and instructs manufacturers and software developers on appropriate security capabilities to include in their devices and systems, and instructs users on appropriate ways to use these security capabilities.

Keywords: all-in-one, copier, facsimile, fax, hardcopy device, HCD, information security, MFD, MFP, multifunction device, multifunction product, printer, scanner

The Institute of Electrical and Electronics Engineers, Inc.
3 Park Avenue, New York, NY 10016-5997, USA

Copyright 2008 by the Institute of Electrical and Electronics Engineers, Inc. All rights reserved. Published 30 June 2008. Printed in the United States of America.

IEEE is a registered trademark in the U.S. Patent +1 978 750 8400. Permission to photocopy portions of any individual standard for educational classroom use can also be obtained through the Copyright Clearance Center.

Introduction

This introduction is not part of IEEE Std 2600-2008, IEEE Standard for Information Technology: Hardcopy Device and System Security.

This standard defines the security requirements and guidance for manufacturers, information technology (IT) professionals, users, and others on the selection, installation, configuration, and usage of secure hardcopy devices (HCDs) and systems. The standard defines unique security requirements for HCDs in four different usage environments that map to most HCD installations.

This standard is part of a family of standards that are related to HCD and system security. IEEE P2600.1 [B34]^a, IEEE P2600.2 [B35], IEEE P2600.3 [B36], and IEEE P2600.4 [B37] provide Common Criteria protection profiles that can be used by manufacturers to create Common Criteria version 3.1 conformant Security Target documents for use in the Common Criteria certification program. Respectively, IEEE P2600.1, IEEE P2600.2, IEEE P2600.3, and IEEE P2600.4 are protection profiles that correspond to Operational Environments A, B, C, and D, as defined in this standard. The requirements for each environment listed in the compliance clause in this standard map directly to the required security objectives in the profile documents.

This standard also defines additional security guidance and recommendations for non-IT security techniques that are beyond the scope of Common Criteria certification and for IT security techniques that cannot be exhaustively tested and verified in the Common Criteria certification program.

^a The numbers in brackets correspond to those of the bibliography in Annex B.

Notice to users

Laws and regulations

Users of these documents should consult all applicable laws and regulations. Compliance with the provisions of this standard does not imply compliance to any applicable regulatory requirements. Implementers of the standard are responsible for observing or referring to the applicable regulatory requirements. IEEE does not, by the publication of its standards, intend to urge action that is not in compliance with applicable laws, and these documents may not be construed as doing so.

Copyrights

This document is copyrighted by the IEEE. It is made available for a wide variety of both public and private uses. These include both use, by reference, in laws and regulations, and use in private self-regulation, standardization, and the promotion of engineering practices and methods. By making this document available for use and adoption by public authorities and private users, the IEEE does not waive any rights in copyright to this document.

Updating of IEEE documents

Users of IEEE standards should be aware that these documents may be superseded at any time by the issuance of new editions or may be amended from time to time through the issuance of amendments, corrigenda, or errata. An official IEEE document at any point in time consists of the current edition of the document together with any amendments, corrigenda, or errata then in effect. In order to determine whether a given document is the current edition and whether it has been amended through the issuance of amendments, corrigenda, or errata, visit the IEEE Standards Association Web site at http://ieeexplore.ieee.org/xpl/standards.jsp, or contact the IEEE at the address listed previously.

For more information about the IEEE Standards Association or the IEEE standards development process, visit the IEEE-SA Web site at http://standards.ieee.org.

Errata

Errata, if any, for this and all other standards can be accessed at the following URL: http://standards.ieee.org/reading/ieee/updates/errata/index.html. Users are encouraged to check this URL for errata periodically.

Interpretations

Current interpretations can be accessed at the following URL: http://standards.ieee.org/reading/ieee/interp/index.html.

Patents

Attention is called to the possibility that implementation of this standard may require use of subject matter covered by patent rights. By publication of this standard, no position is taken with respect to the existence or validity of any patent rights in connection therewith. A patent holder or patent applicant has filed a statement of assurance that it will grant licenses under these rights without compensation or under reasonable rates, with reasonable terms and conditions that are demonstrably free of any unfair discrimination to applicants desiring to obtain such licenses. Other Essential Patent Claims may exist for which a statement of assurance has not been received. The IEEE is not responsible for identifying Essential Patent Claims for which a license may be required, for conducting inquiries into the legal validity or scope of Patents Claims, or determining whether any licensing terms or conditions provided in connection with submission of a Letter of Assurance, if any, or in any licensing agreements are reasonable or non-discriminatory. Users of this standard are expressly advised that determination of the validity of any patent rights, and the risk of infringement of such rights, is entirely their own responsibility. Further information may be obtained from the IEEE Standards Association.

Participants

At the time this standard was submitted to the IEEE-SA Standards Board for approval, the P2600 Standard Working Group had the following membership:

Don Wright, Chair
Lee Farrell, Vice Chair
Brian Smithson, Secretary
Jerry Thrasher, Editor

Hiromasa Akamatsu, Carmen Aubry, Ron Bergman, Shah Bhatti, Nancy Chen, Peter Cybuck, Nick Del Re, David Freas, Fusayuki Fujita, Satoshi Fujitani, Tom Haapanen, Kazutaka Higo, Hiroshi Hosaka, Akihiko Iwasaki, Harry Lewis, Jean-Claude Longo, Daniel Manchala, Takanori Masui, Takeshi Nakamura, Ron Nevo, Wanda Nuckolls, Yusuke Ohta, Ken Ota, Glen Petrie, Stuart Rowley, Ole Skov, Alan Sukert, Yasuji Takeuchi, Hiroki Uchiyama, Shigeru Ueda, Brian Volkoff, Bill Wagner, Jan Walter, Craig Whittle, Sameer Yami, Liang Zhao

The following members of the individual balloting committee voted on this standard. Balloters may have voted for approval, disapproval, or abstention.

Danilo Antonelli, Carmen Aubry, Matthew Ball, Massimo Cardaci, Juan Carreon, Ying Chen, Keith Chow, John Cole, Geoffrey Darnton, Russell Dietz, Lee Farrell, Randall Groves, Tom Haapanen, Mark Henley, Eric Hibbard, Werner Hoelzl, Raj Jain, Piotr Karocki, Michael S. Newman, Charles K. Ngethe, Michael D. Rush, Brian Smithson, Thomas Starai, Walter Struppler, Jerry Thrasher, Thomas Tullia, Paul Work, Don Wright, Sameer Yami

When the IEEE-SA Standards Board approved this standard on 27 March 2008, it had the following membership:

Robert M. Grow, Chair
Thomas Prevost, Vice Chair
Steve M. Mills, Past Chair
Judith Gorman, Secretary

Victor Berman, Richard DeBlasio, Andy Drozd, Mark Epstein, Alexander Gelman, William R. Goldbach, Arnold M. Greenspan, Kenneth S. Hanus, Jim Hughes, Richard H. Hulett, Young Kyun Kim, Joseph L. Koepfinger*, John Kulick, David J. Law, Glenn Parsons, Ronald C. Petersen, Chuck Powers, Narayanan Ramachandran, Jon Walter Rosdahl, Anne-Marie Sahazizian, Malcolm V. Thaden, Howard L. Wolfman, Don Wright

*Member Emeritus

Also included are the following nonvoting IEEE-SA Standards Board liaisons:

Satish K. Aggarwal, NRC Representative
Michael H. Kelley, NIST Representative

Jennie Steinhagen, IEEE Standards Program Manager, Document Development
Michael D. Kipness, IEEE Standards Program Manager, Technical Program Development

Contents

1. Overview
   1.1 Scope
   1.2 Purpose
   1.3 Document structure
2. Definitions, special terms, acronyms, and abbreviations
   2.1 Definitions
   2.2 Special terms
   2.3 Acronyms and abbreviations
3. Introduction to hardcopy devices
   3.1 Hardcopy device overview
   3.2 Generic architecture
   3.3 Similarities and differences between HCDs and other IT devices
   3.4 Determining the appropriate security strategy for an HCD
4. Operational environments
   4.1 Background
   4.2 Operational Environment A
   4.3 Operational Environment B
   4.4 Operational Environment C
   4.5 Operational Environment D
   4.6 Choosing the most applicable operational environment
5. Hardcopy device assets
   5.1 Overview
   5.2 HCD asset definitions
   5.3 Asset values in the operational environments
6. Hardcopy device threats
   6.1 Overview
   6.2 Threat summaries
   6.3 Threat vectors and descriptions
   6.4 Threat risk levels
7. Threat mitigation techniques
   7.1 Mitigating threats to HCD Availability
   7.2 Mitigating threats to HCD Physical Resources
   7.3 Mitigating threats to HCD User Document and User Function Data
   7.4 Mitigating threats to HCD Confidential and Protected Data
   7.5 Mitigating threats to HCD software
   7.6 Mitigating threats to the HCD External Environment
8. Compliance
   8.1 Compliance security objectives for HCD manufacturers
   8.2 Compliance security objectives for IT professionals
Annex A (informative) Best practices
Annex B (informative) Bibliography

IEEE Standard for Information Technology: Hardcopy Device and System Security

IMPORTANT NOTICE: This standard is not intended to assure safety, security, health, or environmental protection in all circumstances. Implementers of the standard are responsible for determining appropriate safety, security, environmental, and health practices or regulatory requirements.

This IEEE document is made available for use subject to important notices and legal disclaimers. These notices and disclaimers appear in all publications containing this document and may be found under the heading “Important Notice” or “Important Notices and Disclaimers Concerning IEEE Documents.” They can also be obtained on request from IEEE or viewed at http://standards.ieee.org/IPR/disclaimers.html.

1. Overview

1.1 Scope

This standard defines security requirements (all aspects of security including but not limited to authentication, authorization, privacy, integrity, device management, physical security and information security) for manufacturers, users, and others on the selection, installation, configuration and usage of hardcopy devices (HCDs) and systems; including printers, copiers, and multifunction devices (MFDs). This standard identifies security exposures for these HCDs and systems, and instructs manufacturers and software developers on appropriate security capabilities to include in their devices and systems, and instructs users on appropriate ways to use these security capabilities.

1.2 Purpose

In today's information technology (IT) environment, significant time and effort are being spent on security for workstations and servers. However, today's HCDs (printers, copiers, MFDs, etc.) are connected to the same local area networks (LANs) and contain many of the same communications, processing and storage components, and are subject to many of the same security problems as workstations and servers. At this time, there are no standards to guide manufacturers or users of HCDs in the secure installation, configuration, or usage of these devices and systems.

The purpose of this document is to serve as such a standard and its goals are:

a) To provide guidance in the secure architecture, design, and out-of-box configuration of HCDs for manufacturers;
b) To provide guidance in the secure installation, configuration, and use of HCDs for end users and their supporting organizations.

1.3 Document structure

Clause 1 provides the scope and purpose of the standard and an overview of the standard's structure.

Clause 2 provides the definitions, special terms, acronyms, and abbreviations used in this standard.

Clause 3 describes the structure, architecture, and functions of a hardcopy device.

Clause 4 describes the various security environments of hardcopy devices considered by this standard.

Clause 5 describes the various assets of an HCD.

Clause 6 describes the threats against HCDs that are considered by this standard.

Clause 7 describes some of the mitigation techniques used to address each threat described in Clause 6. Mitigation techniques are provided for manufacturers, IT administrators, and users.

Clause 8 indicates specific security objectives, by operational environment, that are mandatory for compliance with this standard and provides example mitigation techniques that may be used to accomplish these objectives.

Annex A describes the best p
