1、IEEE Std 2600-2008IEEE Standard for InformationTechnology: Hardcopy Device andSystem SecurityIEEE3 Park Avenue New York, NY 10016-5997, USA30 June 2008IEEE Computer SocietySponsored by theInformation Assurance Committee 2600TMIEEE Std 2600-2008 IEEE Standard for Information Technology: Hardcopy Devi
2、ce and System Security Sponsor Information Assurance Committee of the IEEE Computer Society Approved 27 March 2008 IEEE-SA Standards Board The following companies have agreed to make financial contributions to underwrite the cost of Common Criteria certification of some or all of the IEEE Std 2600-s
3、eries Protection Profiles: Canon Inc.; Fuji Xerox; The Hewlett-Packard Company; InfoPrint Solutions Company; Konica Minolta; Kyocera Mita Corporation; Lexmark International, Inc.; Oc; Oki Printing Solutions; Ricoh Company, Ltd.; Samsung Electronics Co., Ltd.; Sharp Corporation; Toshiba TEC Corporati
4、on; Xerox Corporation Abstract: This standard defines security requirements (all aspects of security including but not limited to authentication, authorization, privacy, integrity, device management, physical security, and information security) for manufacturers, users, and others on the selection,
5、installation, configuration, and usage of hardcopy devices (HCDs) and systems, including printers, copiers, and multifunction devices (MFDs), and the computer systems that support these devices. This standard identifies security exposures for these HCDs and systems, and instructs manufacturers and s
6、oftware developers on appropriate security capabilities to include in their devices and systems, and instructs users on appropriate ways to use these security capabilities. Keywords: all-in-one, copier, facsimile, fax, hardcopy device, HCD, information security, MFD, MFP, multifunction device, multi
7、function product, printer, scanner The Institute of Electrical and Electronics Engineers, Inc. 3 Park Avenue, New York, NY 10016-5997, USA Copyright 2008 by the Institute of Electrical and Electronics Engineers, Inc. All rights reserved. Published 30 June 2008. Printed in the United States of Americ
8、a. IEEE is a registered trademark in the U.S. Patent +1 978 750 8400. Permission to photocopy portions of any individual standard for educational classroom use can also be obtained through the Copyright Clearance Center. Introduction This introduction is not part of IEEE Std 2600-2008, IEEE Standard
9、 for Information Technology: Hardcopy Device and System Security. This standard defines the security requirements and guidance for manufacturers, information technology (IT) professionals, users, and others on the selection, installation, configuration, and usage of secure hardcopy devices (HCDs) an
10、d systems. The standard defines unique security requirements for HCDs in four different usage environments that map to most HCD installations. This standard is part of a family of standards that are related to HCD and system security. IEEE P2600.1 B34,aIEEE P2600.2 B35, IEEE P2600.3 B36, and IEEE P2
11、600.4 B37 provide Common Criteria protection profiles that can be used by manufacturers to create Common Criteria version 3.1 conformant Security Target documents for use in the Common Criteria certification program. Respectively, IEEE P2600.1, IEEE P2600.2, IEEE P2600.3, and IEEE P2600.4 are protec
12、tion profiles that correspond to Operational Environments A, B, C, and D, as defined in this standard. The requirements for each environment listed in the compliance clause in this standard map directly to the required security objectives in the profile documents. This standard also defines addition
13、al security guidance and recommendations for non-IT security techniques that are beyond the scope of Common Criteria certification and for IT security techniques that cannot be exhaustively tested and verified in the Common Criteria certification program. Notice to users Laws and regulations Users o
14、f these documents should consult all applicable laws and regulations. Compliance with the provisions of this standard does not imply compliance to any applicable regulatory requirements. Implementers of the standard are responsible for observing or referring to the applicable regulatory requirements
15、. IEEE does not, by the publication of its standards, intend to urge action that is not in compliance with applicable laws, and these documents may not be construed as doing so. Copyrights This document is copyrighted by the IEEE. It is made available for a wide variety of both public and private us
16、es. These include both use, by reference, in laws and regulations, and use in private self-regulation, standardization, and the promotion of engineering practices and methods. By making this document available for use and adoption by public authorities and private users, the IEEE does not waive any
17、rights in copyright to this document. Updating of IEEE documents Users of IEEE standards should be aware that these documents may be superseded at any time by the issuance of new editions or may be amended from time to time through the issuance of amendments, corrigenda, or errata. An official IEEE
18、document at any point in time consists of the current edition of the document together with any amendments, corrigenda, or errata then in effect. In order to determine aThe numbers in brackets correspond to those of the bibliography in Annex B. iv Copyright 2008. All rights reserved. whether a given
19、 document is the current edition and whether it has been amended through the issuance of amendments, corrigenda, or errata, visit the IEEE Standards Association Web site at http:/ieeexplore.ieee.org/xpl/standards.jsp, or contact the IEEE at the address listed previously. For more information about t
20、he IEEE Standards Association or the IEEE standards development process, visit the IEEE-SA Web site at http:/standards.ieee.org. Errata Errata, if any, for this and all other standards can be accessed at the following URL: http:/standards.ieee.org/reading/ieee/updates/errata/index.html. Users are en
21、couraged to check this URL for errata periodically. Interpretations Current interpretations can be accessed at the following URL: http:/standards.ieee.org/reading/ieee/interp/ index.html. Patents Attention is called to the possibility that implementation of this standard may require use of subject m
22、atter covered by patent rights. By publication of this standard, no position is taken with respect to the existence or validity of any patent rights in connection therewith. A patent holder or patent applicant has filed a statement of assurance that it will grant licenses under these rights without
23、compensation or under reasonable rates, with reasonable terms and conditions that are demonstrably free of any unfair discrimination to applicants desiring to obtain such licenses. Other Essential Patent Claims may exist for which a statement of assurance has not been received. The IEEE is not respo
24、nsible for identifying Essential Patent Claims for which a license may be required, for conducting inquiries into the legal validity or scope of Patents Claims, or determining whether any licensing terms or conditions provided in connection with submission of a Letter of Assurance, if any, or in any
25、 licensing agreements are reasonable or non-discriminatory. Users of this standard are expressly advised that determination of the validity of any patent rights, and the risk of infringement of such rights, is entirely their own responsibility. Further information may be obtained from the IEEE Stand
26、ards Association. v Copyright 2008 IEEE. All rights reserved. vi Copyright 2008 IEEE. All rights reserved. Participants At the time this standard was submitted to the IEEE-SA Standards Board for approval, the P2600 Standard Working Group had the following membership: Don Wright, Chair Lee Farrell, V
27、ice Chair Brian Smithson, Secretary Jerry Thrasher, Editor Hiromasa Akamatsu Carmen Aubry Ron Bergman Shah Bhatti Nancy Chen Peter Cybuck Nick Del Re David Freas Fusayuki Fujita Satoshi Fujitani Tom Haapanen Kazutaka Higo Hiroshi Hosaka Akihiko Iwasaki Harry Lewis Jean-Claude Longo Daniel Manchala T
28、akanori Masui Takeshi Nakamura Ron Nevo Wanda Nuckolls Yusuke Ohta Ken Ota Glen Petrie Stuart Rowley Ole Skov Alan Sukert Yasuji Takeuchi Hiroki Uchiyama Shigeru Ueda Brian Volkoff Bill Wagner Jan Walter Craig Whittle Sameer Yami Liang ZhaoThe following members of the individual balloting committee
29、voted on this standard. Balloters may have voted for approval, disapproval, or abstention. Danilo Antonelli Carmen Aubry Matthew Ball Massimo Cardaci Juan Carreon Ying Chen Keith Chow John Cole Geoffrey Darnton Russell Dietz Lee Farrell Randall Groves Tom Haapanen Mark Henley Eric Hibbard Werner Hoe
30、lzl Raj Jain Piotr Karocki Michael S. Newman Charles K. Ngethe Michael D. Rush Brian Smithson Thomas Starai Walter Struppler Jerry Thrasher Thomas Tullia Paul Work Don Wright Sameer YamiWhen the IEEE-SA Standards Board approved this standard on 27 March 2008, it had the following membership: Robert
31、M. Grow, Chair Thomas Prevost, Vice Chair Steve M. Mills, Past Chair Judith Gorman, Secretary Victor Berman Richard DeBlasio Andy Drozd Mark Epstein Alexander Gelman William R. Goldbach Arnold M. Greenspan Kenneth S. Hanus Jim Hughes Richard H. Hulett Young Kyun Kim Joseph L. Koepfinger* John Kulick
32、 David J. Law Glenn Parsons Ronald C. Petersen Chuck Powers Narayanan Ramachandran Jon Walter Rosdahl Anne-Marie Sahazizian Malcolm V. Thaden Howard L. Wolfman Don Wright*Member Emeritus Also included are the following nonvoting IEEE-SA Standards Board liaisons: Satish K. Aggarwal, NRC Representativ
33、e Michael H. Kelley, NIST Representative Jennie Steinhagen IEEE Standards Program Manager, Document Development Michael D. Kipness IEEE Standards Program Manager, Technical Program Development vii Copyright 2008 IEEE. All rights reserved. Contents 1. Overview 1 1.1 Scope . 1 1.2 Purpose 1 1.3 Docume
34、nt structure 2 2. Definitions, special terms, acronyms, and abbreviations 3 2.1 Definitions . 3 2.2 Special terms 3 2.3 Acronyms and abbreviations . 7 3. Introduction to hardcopy devices . 13 3.1 Hardcopy device overview 13 3.2 Generic architecture. 13 3.3 Similarities and differences between HCDs a
35、nd other IT devices. 16 3.4 Determining the appropriate security strategy for an HCD . 18 4. Operational environments. 21 4.1 Background 21 4.2 Operational Environment A. 21 4.3 Operational Environment B. 26 4.4 Operational Environment C. 31 4.5 Operational Environment D. 33 4.6 Choosing the most ap
36、plicable operational environment 36 5. Hardcopy device assets. 38 5.1 Overview . 38 5.2 HCD asset definitions 38 5.3 Asset values in the operational environments 39 6. Hardcopy device threats . 41 6.1 Overview . 41 6.2 Threat summaries 41 6.3 Threat vectors and descriptions . 44 6.4 Threat risk leve
37、ls . 69 7. Threat mitigation techniques 71 7.1 Mitigating threats to HCD Availability . 71 7.2 Mitigating threats to HCD Physical Resources . 83 7.3 Mitigating threats to HCD User Document and User Function Data 86 7.4 Mitigating threats to HCD Confidential and Protected Data . 103 7.5 Mitigating th
38、reats to HCD software. 112 7.6 Mitigating threats to the HCD External Environment . 114 8. Compliance. 117 8.1 Compliance security objectives for HCD manufacturers. 117 8.2 Compliance security objectives for IT professionals. 128 Annex A (informative) Best practices 136 Annex B (informative) Bibliog
39、raphy 171 viii Copyright 2008 IEEE. All rights reserved. IEEE Standard for Information Technology: Hardcopy Device and System Security IMPORTANT NOTICE: This standard is not intended to assure safety, security, health, or environmental protection in all circumstances. Implementers of the standard ar
40、e responsible for determining appropriate safety, security, environmental, and health practices or regulatory requirements. This IEEE document is made available for use subject to important notices and legal disclaimers. These notices and disclaimers appear in all publications containing this docume
41、nt and may be found under the heading “Important Notice” or “Important Notices and Disclaimers Concerning IEEE Documents.” They can also be obtained on request from IEEE or viewed at http:/standards.ieee.org/IPR/ disclaimers.html. 1. Overview 1.1 Scope This standard defines security requirements (al
42、l aspects of security including but not limited to authentication, authorization, privacy, integrity, device management, physical security and information security) for manufacturers, users, and others on the selection, installation, configuration and usage of hardcopy devices (HCDs) and systems; in
43、cluding printers, copiers, and multifunction devices (MFDs). This standard identifies security exposures for these HCDs and systems, and instructs manufacturers and software developers on appropriate security capabilities to include in their devices and systems, and instructs users on appropriate wa
44、ys to use these security capabilities. 1.2 Purpose In todays information technology (IT) environment, significant time and effort are being spent on security for workstations and servers. However, todays HCDs (printers, copiers, MFDs, etc.) are connected to the same local area networks (LANs) and co
45、ntain many of the same communications, processing and storage components, and are subject to many of the same security problems as workstations and servers. At this time, there are no standards to guide manufacturers or users of HCDs in the secure installation, configuration, or usage of these devic
46、es and systems. 1 Copyright 2008 IEEE. All rights reserved. IEEE Std 2600-2008 IEEE Standard for Information Technology: Hardcopy Device and System Security The purpose of this document is to serve as such a standard and its goals are: a) To provide guidance in the secure architecture, design, and o
47、ut-of-box configuration of HCDs for manufacturers; b) To provide guidance in the secure installation, configuration, and use of HCDs for end users and their supporting organizations. 1.3 Document structure Clause 1 provides the scope and purpose of the standard and an overview of the standards struc
48、ture. Clause 2 provides the definitions, special terms, acronyms, and abbreviations used in this standard. Clause 3 describes the structure, architecture, and functions of a hardcopy device. Clause 4 describes the various security environments of hardcopy devices considered by this standard. Clause
49、5 describes the various assets of an HCD. Clause 6 describes the threats against HCDs that are considered by this standard. Clause 7 describes some of the mitigation techniques used to address each threat described in Clause 6. Mitigation techniques are provided for manufacturers, IT administrators, and users. Clause 8 indicates specific security objectives, by operational environment, that are mandatory for compliance with this standard and provides example mitigation techniques that may be used to accomplish these objectives. Annex A describes the best p
