Keypoint Intelligence-Buyers Lab, the industry’s leading authority in document imaging and "Smart Office" device testing and research, has created a neutral third-party security testing benchmark program that standardizes the requirements for output device and office IoT (Internet of Things) security. This three-track test suite addresses security from various vectors to determine if devices are safeguarded against vulnerabilities.

 

The three testing tracks include:

Device Penetration:  A combination of automated tools and manual exploitation attempts are used by certified security experts to probe for potential vulnerabilities in the device firmware/OS, ports, print protocols, embedded web page, connectivity avenues, and more

Policy Compliance:  Buyers Lab technicians employ the OEMs’ management tools to specify desired security settings and save those settings as a “policy” template, apply the policy across a fleet to ensure devices are in compliance, monitor those settings on an ongoing basis, automatically remediate devices that fall out of compliance, and more.

Firmware Resilience:  Certified security technicians use the OEMs’ tools and protocols to validate that devices are in compliance with the NIST (National Institute of Standards and Technology) SP 800-193 guidelines for platform resiliency of IoT devices. The testing looks to see whether mechanisms are in place to protect the platform against unauthorized changes, and that the device can detect an attack and recover to a secure state automatically.

We understand that most equipment makers do their own rigorous security testing on their devices. This Keypoint Intelligence program complements that by providing independent validation of an OEM’s claims based on uniform testing. During the two years of development of the program, Keypoint Intelligence personnel solicited input and guidance from all of the key OEMs that serve the document imaging space. The result is a three-track test suite that addresses security from various vectors to ensure devices are safeguarded against vulnerabilities—and that they remain so.

For the testing, devices and associated software are configured to the OEM’s recommendations for a “business secure” posture, where important functionality remains intact while less secure ports, protocols, and features not germane to essential functionality are disabled.  Notably, the Keypoint Intelligence-Buyers Lab program differs from Common Criteria Certification (CCC) for output devices in that there is not only verification that a device has the prescribed set of features and that they are correctly implemented, but also hands-on testing to determine if vulnerabilities remain.

OEMs that submit products for testing and pass one, two, or all three tracks of the program earn the right to license the Security Validation Testing seal to communicate to customers that the platform has passed the rigorous evaluation. This website will be updated on a regular basis to show the products that have undergone the testing and where vendors have licensed the seal. It will also deliver important details, such as the exact date of testing, the version/firmware version tested, and the configuration settings that were changed for testing—at the direction and discretion of the vendor—from the “out of box” factory defaults to achieve a security posture recommended for enterprise business environments.

 

Assessment Limitations and Restrictions

Note that with the program described above and the Security Validation Testing seals, Keypoint Intelligence and its partners, contractors, and affiliates are not certifying nor verifying that the products evaluated have no security vulnerabilities, nor that they will be invulnerable to attacks and exploitation by determined actors. These product assessments were performed in line with established security testing methodologies, and represent a point-in-time assessment of the in-scope systems. Any configuration changes made to these systems outside of what was tested may result in weaknesses being introduced into the environment that are not reflected in the results obtained by Keypoint Intelligence and its partners. Additionally, new vulnerabilities and testing techniques are regularly identified, and real-world attackers may not be limited by resources or engagement timeframes. Further weaknesses may therefore exist within the systems tested that could not reasonably be identified within the assessment timescales.

 

The following specific limitations and restrictions were encountered and should be borne in mind when considering the findings:

  • The systems were tested in a non-production, controlled lab environment, provided by Keypoint Intelligence. Any differences between this testing environment and a different corporate, production environment may lead to additional security weaknesses. Likewise, issues present in the lab environment may not be replicated in a real-world, corporate environment.
  • The device configuration was established at the beginning of testing by the vendor submitting the product for evaluation. Any modification to these settings may result in additional security weaknesses not covered by the evaluation.
  • Some areas of the product might not have been fully tested if they were incompatible with the vendor-defined configuration of the device.

 

To read the latest press release, click here.

Verified Secure Products

Or
HP
FutureSmart v4 Enterprise firmware platform
11/12/2019 11:22:23 AM
11/12/2021 12:00:00 AM
Device Penetration
v4.8.0.1 and later
Show

As tested in the HP Color LaserJet Flow E87650

 

HP Workpath (formerly Jetadvantage Link) supplemental OS disabled

 

HP JetAdvantage Security Manager pre-configured “Base” policy applied

Departures from that policy:

Scan/Digital Send | Digital Sending Software Setup:

Allow use of DSS server:  Deselected

Allow transfer to new DSS server:  Deselected

 

Security | General Security:

Local admin password: set complex password

PJL Security: set complex password

 

Security | Access Control:

Control Panel:  Turned off all access except for Copy

EWS:  Turned off all access

Allow users to choose alternate sign-in methods:  Deselected

Automatically sign out:  Selected

 

Security | Email Domain Restriction:

Open:  Set to allow only internal email domains

 

HP Web Services | HP JetAdvantage Setup:

Allow users to create an account:  Deselected

 

Networking | Configuration | TCIP/IP Settings:

IPv6:  Deselected

 

Networking | Configuration | Network Settings | SNMP:

SNMP v1/v2:  Deselected

Enable SNMP v1/v2 read-only access:  Deselected

Enable SNMP v3:  Selected and entered a complex password

Authentication protocol:  Selected SHA1 and entered complex passphrase

Privacy protocol:  Selected AES-128 and entered complex passphrase

 

Networking | Configuration | Network Settings | Other Settings | Misc:

Bonjour:  Selected

AirPrint:  Selected

 

Networking | Security | Settings | Secure Communication:

Active ciphers:  Moved AES-256-SHA and AES 128-SHA out of “Active” list

SSL/TLS protocol:

                TLS 1.2:  Selected

                TLS 1.1:  Deselected

                TLS 1.0:  Deselected

 

 

Networking | Security | IPsec Firewall

IPsec Firewall Policy – Rule Summary:  Selected “Allow traffic from administrator IP address; blocked other traffic

 

Networking | Security

Announcement Agent:  Set to ON, but with IP address for device entered

HP
JetAdvantage Security Manager
9/25/2019 3:17:07 PM
9/25/2021 12:00:00 AM
Policy Compliance
HP JASM v3.3.0.15855 and later
Show

As tested via HP JetAdvantage Security Manager v3 (supported for some functions by HP Web Jetadmin)

Buyers Lab analysts verified the claimed features and effectiveness of the HP management utilities for satisfying the test methodology criteria indicated below

  • Ensure devices are secured to a vendor’s and/or customer’s recommended settings by providing a method to quickly discover and apply the recommended settings
  • Provide ongoing checks to ensure the devices are still in compliance with the recommended settings
  • Provide automatic remediation to return device to the recommended settings
  • Provide a report or dashboard of at-risk devices
  • Provide a mechanism to highlight at-risk firmware (out-of-date firmware with known vulnerabilities) on devices
  • Provide fleet-scalable, secure firmware update capability
  • Automatically detect newly connected but un-configured device(s) attached to the network and automatically apply the policy designated by the administer for new devices
Fuji Xerox
ApeosPort-VII Firmware Platform v1.4
2/11/2020 2:39:18 PM
2/11/2022 12:00:00 AM
Device Penetration
1.4.1 and later
Show

As tested on the Fuji Xerox ApeosPort-VII C3373

 

General Setup

  • Job Management: Printer Lockout  ON
  • Stored Job Settings: Set Job Passcode  12
  • Web Browser Setup:  Web Application Version  v5
  • Web Browser Setup: Delete Persistent Cookie  ON
  • Web Browser Setup: Clear Cookie Cache Upon Exiting  ON
  • General Setup: Web Browser Setup: Use TLS 1.0  OFF
  • General Setup: Web Browser Setup: When SSL Certificate Verification Fails  STOP ACCESSING SITE

Connectivity: Protocols

  • SNMP v1/2c  OFF
  • SNMP v3  ON
  • SNMP: Authentication Failure Generic Traps  ON
  • SNMP v3 Settings:
  •    Message Digest Algorithm SHA-1
  •    Authentication Password Complex Value
  •    Message Encryption AES-128
  • SMB Client  ON
  • TBCP Filter  ON
  • Port 9100  OFF
  • SMTP Server: SSl/TLS Communication:  SSL/TLS
  • SMTP Server: Login Credentials to SMTP Server  Authentication
  • POP3 Setup: POP3 SSl/TLS Communication  ON
  • HTTP: HTTP Max Number of Sessions  1
  • HTTP: CSRF Protection  ON
  • HTTP: Secure HTTP (SSL)  ON
  • IPP: IPP Port Number  0
  • IPP: TBCP Filter  ON
  • WebDAV: WebDAV Port Status  OFF
  • WSD: Scan  OFF
  • WSD: Print  OFF
  • FTP  OFF
  •  

Connectivity Services

  • Printing: Print Model: PJL  OFF
  • Network Scanning: Job Log: Username  ON
  • Network Scanning: Job Log: Domain  ON

 

Connectivity

  • USB: General  OFF
  • USB: Embedded Plug-ins  OFF

 

Security

  • Authentication Configuration: Log Type  LOGIN TO REMOTE ACCOUNTS
  • User Details Setup: Login Attempts Limit  5
  • Remote Authentiocation Servers: Kerberos Server  ON
  • Audit Log: Audit Log  ON
  • Device Digital Signed Certificate: Upload Signed Certificate  Depending on PKI
  • Certificate Revocation Settings: Level of Cerfiticate Verification  HIGH
  • Certificate Revocation Settings: Auto Retrieval of CRL  ON
  • SSL/TLS Settings: POP3TLS Communication  ON
  • SSL/TLS Settings: Verify Remote Server Certificate  ON
  • PDF: DocuWorks/XPS Signature  SHA-256
  • Job Status Default: Completed Job View  REQUIRE LOGIN TO VIEW JOBS
  • Job Status Default: Access to jobs  LOGGED-IN USER ONLY
  • Job Operation Restrictions: Pause/Cancel  JOB OWNERS AND ADMINISTRATORS
  • Job Operation Restrictions: Edit/Print  JOB OWNERS AND ADMINISTRATORS
  • Job Operation Restrictions: Promote Print Jobs  JOB OWNERS AND ADMINISTRATORS
  • Plug-in: Custom Service Settings: Custom Service  ON
  • Plug-in: Custom Service Settings: Service Representative Restricted Operation  ON + Complex Password
  • Plug-in: Custom Service Settings: System Admnistrator Settings  Complex Values
  • Plug-in: Custom Service Settings: Smart Card Settings: Limit Access to Folder  ON
  • Authentication: Passcode Policy: Passcode Entry for Control Panel Login  ON
  • Authentication: Passcode Policy: Minimum Passcode Length  12
  • Authentication: Passcode Policy: Maximum Passcode Length  63
  • System Settings: Common Service Settings: Other: Hard Disk Encryption  ON+ComplexPassword