IEEE P2600 Standards for Printers and Copiers

[ IEEE Standards Project P2600 ]

New Guidelines for Networked Printers and Copy Machines Point to Hidden Security Issue

IEEE Standards Project P2600 is a new standard developed for the secure installation, configuration, or usage of devices such as printers, copiers and multifunction systems. The IEEE (Institute of Electrical and Electronics Engineers) is a non-profit standard organization that sets standards for computers and communications.

Initiated in 2004, the new guidelines focus on a wide range of digital printers and multifunction devices. Generally operating in a networked environment, digital printers and copy machines receive a high volume of data, which most users don't think about. Whenever a print job is sent to them, it is stored on a hard drive, the same as any PC. While a security minded organization might take the trouble to shred a sensitive document, the same information continues to reside on the printer's hard drive. As such, they comprise un-noticed data repositories with the potential for significant data compromises.

Download IEEE 2600.1™-2009 here.

PROJECT SPONSORS:
o Canon Inc.
o Fuji Xerox
o The Hewlett-Packard Company
o InfoPrint Solutions Company
o Konica Minolta
o Kyocera Mita Corporation
o Lexmark International, Inc.
o Océ
o Oki Printing Solutions
o Ricoh Company, Ltd.
o Samsung Electronics Co., Ltd.
o Sharp Corporation
o Toshiba TEC Corporation
o Xerox Corporation

The IEEE 2600 identifies four additional standards based on four clearly-defined security or protection profiles. According to IEEE, a profile is used as part of the certification process, which is based on the Common Criteria for Information Technology Security Evaluation or ISO/IEC 15408, an international standard for computer security.

The protection profiles are classified as:
IEEE P2600.1--Standard for a Protection Profile in Operational Environment A, for devices that require a relatively high level of document security, operational accountability and information assurance. Information in such environments may include trade secrets and that are subject to legal and regulatory considerations. The standard was released in a document dated Jun. 12, 2009.

IEEE P2600.2--Standard for a Protection Profile in Operational Environment B, for devices in commercial environments that need moderate document and network security, and security assurance. According to minutes of a meeting dated Apr. 29, 2009, the standard will be available later in the year.

IEEE P2600.3--Standard for a Protection Profile in Operational Environment C, for devices in a public-facing environment in which document security is not guaranteed, but access control and usage accounting are important. Such environments include public libraries and Internet cafes.

IEEE P2600.4--Standard for a Protection Profile in Operational Environment D, for devices that require basic network security to prevent misuse from outside of the environment. Such environments include small offices and home offices.