<img alt="" src="https://secure.insightful-enterprise-intelligence.com/784283.png" style="display:none;">
security-validation

This three-track test suite addresses security from various vectors to determine if devices are safeguarded against vulnerabilities
This three-track test suite addresses security from various vectors to determine if devices are safeguarded against vulnerabilities
Device Penetration
Device Penetration
  • A combination of automated tools and manual exploitation attempts are used by certified security experts to probe for potential vulnerabilities in the device firmware/OS, ports, print protocols, embedded web page, connectivity avenues, and more.
Policy Compliance
Policy Compliance
  • Buyers Lab technicians employ the OEMs’ management tools to specify desired security settings and save those settings as a “policy” template, apply the policy across a fleet to ensure devices are in compliance, monitor those settings on an ongoing basis, automatically remediate devices that fall out of compliance, and more.
Firmware Resilience
Firmware Resilience
  • Certified security technicians use the OEMs’ tools and protocols to validate that devices are in compliance with the NIST (National Institute of Standards and Technology) SP 800-193 guidelines for platform resiliency of IoT devices. The testing looks to see whether mechanisms are in place to protect the platform against unauthorized changes, and that the device can detect an attack and recover to a secure state automatically.

Why Test With Us

We understand that most equipment makers do their own rigorous security testing on their devices. This Keypoint Intelligence program complements that by providing independent validation of an OEM's claims based on uniform testing. During the two years of development of the program, Keypoint Intelligence personnel solicited input and guidance from all of the key OEMs that serve the document imaging space. The result is a three-track test suite that addresses security from various vectors to ensure devices are safeguarded against vulnerabilities and that they remain so.

How We Test

Devices and associated software are configured to the OEM's recommendations for a "business secure" posture, where important functionality remains intact while less secure ports, protocols, and features not germane to essential functionality are disabled. Notably, the Keypoint Intelligence-Buyers Lab program differs from Common Criteria Certification (CCC) for output devices in that there is not only verification that a device has the prescribed set of features and that they are correctly implemented, but also hands-on testing to determine if vulnerabilities remain.

Assessment Limitations and Restrictions
Note that with the program described above and the Security Validation Testing seals, Keypoint Intelligence and its partners, contractors, and affiliates are not certifying nor verifying that the products evaluated have no security vulnerabilities, nor that they will be invulnerable to attacks and exploitation by determined actors. These product assessments were performed in line with established security testing methodologies, and represent a point-in-time assessment of the in-scope systems. Any configuration changes made to these systems outside ot what was tested may result in weaknesses being introduced into the environment that are not reflected in the results obtained

Verified Secured Products

Company Name:

Model Name:

Test Date:

Test Results Valid Through:

Test Version:

Serial Number:

Firmware Version:

Product Families that Share this Firmware Platform:

Settings changed from default configuration for test