security-validation

This three-track test suite addresses security from various vectors to determine if devices are safeguarded against vulnerabilities
Device Penetration
  • A combination of automated tools and manual exploitation attempts are used by certified security experts to probe for potential vulnerabilities in the device firmware/OS, ports, print protocols, embedded web page, connectivity avenues, and more.
Policy Compliance
  • Buyers Lab technicians employ the OEMs’ management tools to specify desired security settings and save those settings as a “policy” template, apply the policy across a fleet to ensure devices are in compliance, monitor those settings on an ongoing basis, automatically remediate devices that fall out of compliance, and more.
Firmware Resilience
  • Certified security technicians use the OEMs’ tools and protocols to validate that devices are in compliance with the NIST (National Institute of Standards and Technology) SP 800-193 guidelines for platform resiliency of IoT devices. The testing looks to see whether mechanisms are in place to protect the platform against unauthorized changes, and that the device can detect an attack and recover to a secure state automatically.

Why Test With Us

We understand that most equipment makers do their own rigorous security testing on their devices. This Keypoint Intelligence program complements that by providing independent validation of an OEM's claims based on uniform testing. During the two years of development of the program, Keypoint Intelligence personnel solicited input and guidance from all of the key OEMs that serve the document imaging space. The result is a three-track test suite that addresses security from various vectors to ensure devices are safeguarded against vulnerabilities and that they remain so.

How We Test

Devices and associated software are configured to the OEM's recommendations for a "business secure" posture, where important functionality remains intact while less secure ports, protocols, and features not germane to essential functionality are disabled. Notably, the Keypoint Intelligence-Buyers Lab program differs from Common Criteria Certification (CCC) for output devices in that there is not only verification that a device has the prescribed set of features and that they are correctly implemented, but also hands-on testing to determine if vulnerabilities remain.

Assessment Limitations and Restrictions
Note that with the program described above and the Security Validation Testing seals, Keypoint Intelligence and its partners, contractors, and affiliates are not certifying nor verifying that the products evaluated have no security vulnerabilities, nor that they will be invulnerable to attacks and exploitation by determined actors. These product assessments were performed in line with established security testing methodologies, and represent a point-in-time assessment of the in-scope systems. Any configuration changes made to these systems outside of what was tested may result in weaknesses being introduced into the environment that are not reflected in the results obtained.

Verified Secured Products

Sharp CR 5.x Controller Platform

Company Name: Sharp Electronics Corp.

Model Name: Sharp CR 5.x Controller Platform

Test Date: December 4 2024

Test Results Valid Through: December 4 2026

Test Version: Penetration Testing

Serial Number:

Firmware Version: Sharp CR 5.x Controller Platform

Product Families that Share this Firmware Platform: BP-50C26, BP-50C31, BP-50C36, BP-50C45, BP-50C55, BP-50C65, BP-50M26, BP-50M31, BP-50M36, BP-50M45, BP-50M55, BP-50M65, BP-B540WR, BP-B550WD, BP-C533WR, BP-C535WR, BP-C533WD, BP-C535WD, BP-C542WD, BP-C545WD, BP-55C26, BP-60C31, BP-60C36, BP-60C45, BP-70C31, BP-70C36, BP-70C45, BP-70C55, BP-70C65, BP-70M31, BP-70M36, BP-70M45, BP-70M55, BP-70M65, BP-70M75, BP-70M90, BP-90C70, BP-90C80, BP-40C26, BP-40C36, BP-70C26, BP-60C26, BP-B537WR, BP-B547WD, BP-C545PW, BP-B550PW, BP-C542PW, BP-B547PW

Settings changed from default configuration for test

System Settings > Printer Settings > Condition Settings > USB Memory Direct Print: DISABLED

 

System Control > Job Log > Job Log: ENABLED

 

Authentication Settings > Default Settings > …

User Authentication: ENABLED

Disabling of Printing by Invalid User: ENABLED

 

Administration Settings > …

Warning when Login Fails: ENABLED

Allow Remote Scanner Using Before Login: DISABLED

Include Job Status in user authentication: ENABLED

Display System Information Screen Before Login: ENABLED

Enable IPP Authentication Except for Printer Driver: ENABLED

 

Network Settings > Interface Settings / Extended LAN Settings …

IPv6 Settings: DISABLED (if IPv6 is required, then enable with proper security settings)

 

Network Settings > Services Settings > …

SNMP v1: DISABLED

SNMP v3: ENABLED (SHA-1, AES)

 

Security Settings > Port Control / Extended LAN…

FTP: DISABLED

FTPS: ENABLED

HTTP: DISABLED

HTTPS: ENABLED

WSD: DISABLED

IPP: DISABLED

SMB: DISABLED

SNMP: DISABLED

LDAP: DISABLED

WSD: DISABLED

 

 

Security Setting > SSL/TLS Settings > SSL/TLS Settings: ENABLE TLS 1.3

Security Settings > S/MIME Settings > ENABLED (AES-256)

Security Settings > Password Policy Settings > ENABLED (Check this page for more settings and set according to password “best-practices”)

 

Security Settings > Condition Settings…

Reject Requests from External Sites: ENABLED

If Firmware Corruption is Detected, Restore It: ENABLED

Apply Security Policy: ENABLED

Mandatory Access Control: ENABLED

 

Security Settings > Intrusion/Attack Detection

Intrusion/Attack Detection: ENABLED

 

Security Settings > Virus Scan Setting

Virus Scan: ENABLED

 

Security Settings > IPsec Settings

IPsec Settings: ENABLED (Check this page for more settings and set according to network “best-practices”)

 

Security Settings > Audit Log > Administration Settings…

Audit Log: ENABLED

Storage Encryption: ENABLED

Auto Clear at Job End: ENABLED

Epson Workforce Enterprise Series Firmware

Company Name: Seiko Epson Corp.

Model Name: Epson Workforce Enterprise Series Firmware

Test Date: June 25 2022

Test Results Valid Through: July 9 2024

Test Version: Device Penetration

Serial Number:

Firmware Version: GQ15M4

Product Families that Share this Firmware Platform: Epson Workforce Enterprise Series

Settings changed from default configuration for test

Scan/Copy

Enable Network Scan: ON

 

Network

Wi-Fi: OFF

Email Server Secure Connection: START TLS

Email Server Authentication Method Password: up to 31 characters

Kerberos Settings: NONE

Use Microsoft network sharing: ON (SMB 1.0 and SMB/SMB3 can be disabled individually)

 

Network Security

WSD Settings Enable WSD: ON

LPR Settings Allow LPR Printing: ON

Allow RAW (Port 9100) Printing: ON

Allow RAW (Custom Port) Settings: OFF

Enable IPP: ON

Enable FTP Server: OFF

Enable SNMPv1/v2c: OFF

Enable SNMPv3: ON

SNMPv3 Authentication Settings Algorithm: MD5 / SHA-1

SSL/TLS Redirect HTTP to HTTPS: ON

IPsec/IP Filtering: ON

 

Product Security

Enable Access Control: ON

Allow printing and scanning without authentication information from a computer: OFF

Prohibit user from canceling other user’s job: ON

External Interface(USB) Memory Device: OFF

Audit Log Setting: ON

Password Policy Minimum Password Length: ON

Panel Lock: ON

Printer Lockout Operation Time Out: ON

Job History: REQUIRE LOGIN TO VIEW JOBS (administrator only)

System Plug-in Settings: OFF

Data Encryption: ON (all information stored on internal hard drive is always encrypted and cannot be disabled)

Brother Security Firmware v1.x

Company Name: Brother International Corp.

Model Name: Brother Security Firmware v1.x

Test Date: October 1 2024

Test Results Valid Through: September 30 2026

Test Version: Device Penetration

Serial Number:

Firmware Version: Brother Security Firmware v1.x

Product Families that Share this Firmware Platform: MFC-J5955DW / MFC-J6955DW / HL-L94xx / HL-EX / MFC-L96xx / MFC-EX Series HL-L521x, HL-L621x, HL-L631x, HL-L6415DW DCP-L551x, MFC-L571x, MFC-L5915DW, MFC-L681x, MFC-L6915DW HL-L8245CDW, HL-L3220CDW, HL-L3300CDW, HL-L3280CDW, HL-L3295CDW MFC-L8395CDW, MFC-L3720CDW, MFC-L3780CDW

Settings changed from default configuration for test

Administrative Protocols               

Web Based Management:  ON (using only HTTPS Port 443)

SNMP: ON (using only SNMP v3)

 

Print Protocols                 

LPD: ON

Port 9100 (Raw Port):  OFF

IPP:  ON (using only HTTPS Port 443)

AirPrint:  ON

Mopria:  ON (if using)

Web Services: OFF

Proxy:  OFF

             

Miscellaneous Protocols                

Network Scan:  ON

PC Fax Receive:  ON

 

Network Protocols                         

POP3/IMAP4/SMTP Client:  ON (using SMTP-AUTH, TLS)

SMTP Server:  OFF

FTP Server:  OFF

FTP Client:  ON (using TLS)

SFTP:  ON

TFTP:  OFF

WebDAV:  ON (using TLS)

SMB (CIFS):  ON (using only SMBv3)

LDAP:  ON

mDNS:  ON

LLMNR:  ON

SNTP:  ON                          

                                          

Other Settings                                

TLS Protocol (Server):  TLS 1.2

TLS Protocol (Client):  TLS 1.2

CA certificate:  Import related root/intermediate CA certificate

Client Key Pair:  Create client public and private key

Server Public Key:  Import server public key

Kyocera Evolution Series Firmware v1.x

Company Name: Kyocera

Model Name: Evolution Series Firmware v1.x

Test Date: August 31 2023

Test Results Valid Through: September 1 2025

Test Version: Device Penetration

Serial Number:

Firmware Version: v1.x

Product Families that Share this Firmware Platform: Kyocera Evolution Series

Settings changed from default configuration for test

Function/Port/Protocol: Status For Test

Security Level: Level 3 (Very High)

Internet Browser: Disabled

Password Policy: Enabled (strong password required)

Incorrect Password Lockout: Enabled

Bundled Data Security Kit: Enabled

Optional Data Security 10: Enabled

Auto Panel Reset: Enabled (90 seconds)

Auto Reset: Enabled (60 seconds)

Continue or Cancel Error Job: Job Owner Only

Remote Printing (Doc Box): Permit

AirPrint: Disabled

IPv4 (Ethernet) Static: Enabled

IPv6: Disabled

Wireless Access (Network): Enabled

Wireless Access (Direct Point): Disabled

Bonjour: Disabled

IPsec (Data Security 10 Option): Disabled

TCP/IP Communication: All IP Ranges

NetBEUI: Disabled

LPD: Enabled

FTP Server (Reception): Disabled

IPP: Disabled

IPP over SSL: Disabled

IPP Security: Secure Only

IPP Authentication: Disabled

RAW: Disabled

WSD Print: Disabled

POP3 (E-mail RX): Disabled

SMTP (E-mail TX): Enabled

SMTP (Email TX) - SMTP Security: SSL/TLS Set

SMTP (Email TX) Cert Auto Verification: Validity Period

SMTP (Email TX) Hash: SHA2.Enable

FTP Client (Transmission): Disable

FTP Client (Trans) - FTP Encryption TX: Disable

FTP Client (Trans) - Certify Auto Verification: Disable

FTP Client (Trans) - Hash: SHA2.Disabled

SMB (Send Only No Server): Disabled

WSD Scan: Disabled

DSM Scan: Disabled

eSCL: Disabled

eSCL over SSL: Disabled

SNMPv1/v2: Disabled

SNMPv3: Enabled

HTTP: Disabled

HTTPS: Enabled

HTTPS - HTTPS Certificate: Enabled (Device Certificate)

HTTP(Client/Server) Certify Auto Verify: Validity Period

HTTP(Client/Server) - Hash: SHA2.Enable

Enhanced WSD: Disabled

Enhanced WSD over SSL: Enabled

Enhanced WSD over SSL Certificate: Enabled (Device Certificate)

LDAP: Disabled

IEEE802.1X: Disabled

LLTD: Disabled

REST: Disabled

REST over SSL: Enabled

VNC(RFB): Disabled

VNC(RFB) over SSL: Disabled

Enhanced VNC(RFB) over SSL: Enabled

OCSP/CRL Settings: Default Value

Syslog: Disabled

Display Jobs Detail Status: Hide All

Display Jobs Log: Hide All

Address Book: Administration Only

One Touch Key: Administration Only

Admin Authentication on Firmware Update: Enabled

TLS Version: 1.2/1.3 Enabled

Encryption: AES; AES-GCM: Setting value, CHACHA20/POLY1305: Setting value

Hash: SHA-2 Enabled

HTTP Security: Secure HTTPS

Enhanced WSD Security: Enhanced WSD over SSL

Local Authorization: Disabled

Guest Authorization: Disabled

Simple Login: Disabled

Guest Authorization Settings: Disabled

Simple Login Settings: Disabled

Unknown User Settings: Reject

All Job/Error / Status Logs History: Set

Remote Services: Disabled

Remote Operations: Disabled

Google Cloud Print Settings: Disabled

Allow listing: Enabled

Epson GLE ver. 100 Firmware

Company Name: Seiko Epson Corp.

Model Name: Epson GLE ver. 100 Firmware

Test Date: October 14 2024

Test Results Valid Through: October 15 2026

Test Version: Device Penetration

Serial Number:

Firmware Version: GL1109

Product Families that Share this Firmware Platform: Epson models LM-C400 / AM-C400 / AM-C400a / AM-C550

Settings changed from default configuration for test

Scan/Copy

Enable Network Scan: ON

 

Network

Wi-Fi: OFF

Email Server Secure Connection: START TLS

Email Server Authentication Method Password: up to 31 characters

Kerberos Settings: NONE

Use Microsoft network sharing: ON (SMB 1.0 and SMB/SMB3 can be disabled individually)

 

Network Security

WSD Settings Enable WSD: ON

LPR Settings Allow LPR Printing: ON

Allow RAW (Port 9100) Printing: ON

Allow RAW (Custom Port) Settings: OFF

Enable IPP: ON

Enable FTP Server: OFF

Enable SNMPv1/v2c: OFF

Enable SNMPv3: ON

 

SNMPv3 Authentication Settings Algorithm: MD5 / SHA-1

SSL/TLS Redirect HTTP to HTTPS: ON

IPsec/IP Filtering: ON

 

Product Security

Enable Access Control: ON

Allow printing and scanning without authentication information from a computer: OFF

Prohibit user from canceling other user’s job: ON

External Interface(USB) Memory Device: OFF

Audit Log Setting: ON

Password Policy Minimum Password Length: ON

Panel Lock: ON

Printer Lockout Operation Time Out: ON

Job History: REQUIRE LOGIN TO VIEW JOBS (administrator only)

System Plug-in Settings: OFF

Data Encryption: ON (all information stored on internal hard drive is always encrypted, and encryption cannot be disabled)

Epson WorkForce Enterprise AM/LM Series Firmware

Company Name: Seiko Epson Corp.

Model Name: Epson WorkForce Enterprise AM/LM Series Firmware

Test Date: June 30 2023

Test Results Valid Through: June 30 2025

Test Version: Device Penetration

Serial Number:

Firmware Version: GW22N5

Product Families that Share this Firmware Platform: Epson Workforce Enterprise AM/LM Series LM-C4000 / LM-C5000 / LM-C6000 / AM-C4000 / AM-C5000 / AM-C6000 / AM-C4000a / AM-C5000a / AM-C6000a

Settings changed from default configuration for test

Scan/Copy

Enable Network Scan: ON

 

Network

Wi-Fi: OFF

Email Server Secure Connection: START TLS

Email Server Authentication Method Password: up to 31 characters

Kerberos Settings: NONE

Use Microsoft network sharing: ON (SMB 1.0 and SMB/SMB3 can be disabled individually)

 

Network Security

WSD Settings Enable WSD: ON

LPR Settings Allow LPR Printing: ON

Allow RAW (Port 9100) Printing: ON

Allow RAW (Custom Port) Settings: OFF

Enable IPP: ON

Enable FTP Server: OFF

Enable SNMPv1/v2c: OFF

Enable SNMPv3: ON

SNMPv3 Authentication Settings Algorithm: MD5 / SHA-1

SSL/TLS Redirect HTTP to HTTPS: ON

IPsec/IP Filtering: ON

 

Product Security

Enable Access Control: ON

Allow printing and scanning without authentication information from a computer: OFF

Prohibit user from canceling other user’s job: ON

External Interface(USB) Memory Device: OFF

Audit Log Setting: ON

Password Policy Minimum Password Length: ON

Panel Lock: ON

Printer Lockout Operation Time Out: ON

Job History: REQUIRE LOGIN TO VIEW JOBS (administrator only)

System Plug-in Settings: OFF

Data Encryption: ON (all information stored on internal hard drive is always encrypted, and encryption cannot be disabled)

FUJIFILM Apeos Firmware V1.0.0 and later, V21.50.0 – V21.99.x

Company Name: FUJIFILM Business Innovation Corp.

Model Name: FUJIFILM Apeos Firmware V1.0.0 and later, V21.50.0 – V21.99.x

Test Date: August 26 2024

Test Results Valid Through: August 26 2026

Test Version: Device Penetration

Serial Number:

Firmware Version: FUJIFILM Apeos Firmware V1.0.0 and later, V21.50.0 – V21.99.x

Product Families that Share this Firmware Platform: APEOS FIRMWARE V1.0.0 AND LATER: Apeos C7071 / C6571 / C5571 / C4571 / C3571 / C3071 / C2571 Series || Apeos C3567 / C3067 / C2567 / C3061 / C2561 / C2061 Series APEOS FIRMWARE V21.50.0 – V21.99.X: Apeos C7070 / C6570 / C5570 / C4570 / C3570 / C3070 Series || Apeos C3060 / C2560 / C2060 Series || Apeos 5570 / 4570 Series || Apeos 3560 / 3060 / 2560 Series || Apeos C4030 / C3530 Series || Apeos 5330 / 4830 Series || ApeosPrint C4030 / C3530 Series || ApeosPrint 5330 / 4830 Series

Settings changed from default configuration for test

As tested on the FUJIFILM Apeos C3061

 

Jobs > Job Settings > Printer Lockout > Edit > Enable: ON

Jobs > Job Settings > Stored Print Job Settings > Minimum Passcode Length (Digits): 12

Apps > Web Browser Setup > Delete Persistent Cookie upon Closing: ON

Apps > Web Browser Setup > Clear Cache upon Closing: ON

System > Security >  SSL/TLS Setting > Protocol Version: TLS1.2 or Later

Apps > Web Browser Setup > SSL Cert Verification Failure: STOP ACCESSING SITE

Network > Protocols > SNMP > SNMP v1/v2: OFF

Network > Protocols > SNMP > SNMP v3: ON

Network > Protocols > SNMP > Authentication Failure Generic Traps: ON

Network > Protocols > SNMP > SNMP v3 > System Administrator Account >  Message Digest Algorithm: SHA-256

Network > Protocols > SNMP > SNMP v3 > System Administrator Account >  Authentication Password: Complex Value

Network > Protocols > SNMP > System Administrator Account >  Message Encryption Algorithm: AES-128

Network > Protocols > IPP or LPD or Port9100 > TBCP Filter: ON

Network > Protocols > IPP or LPD or Port9100 > TBCP Filter: OFF

Network > Protocols > SMTP > TLS/SSL Communication: SSL/TLS

Network > Protocols > SMTP >  SMTP Authentication: SMTP AUTH

Network > Protocols > POP3 > TLS/SSL Communication: ON

Network > Protocols > HTTP > Maximum Connections per Port: 1

Network > Protocols > HTTP >  CSRF Protection: ON

Network > Protocols > HTTP > Port (HTTP/HTTPS): Enable HTTPS Only

Network > Protocols > IPP > Port Number: 0

Network > Protocols > IPP > TBCP Filter: ON

Network > Protocols > WebDAV > Port: OFF

Network > Protocols > WSD > Port (Scan To Desktop): OFF

Network > Protocols > WSD > Port (Print From Desktop): OFF

Network > Protocols > FTP Client: OFF

Network > Protocols > lpd > PJL: OFF

Network > USB: OFF

System > System Settings > Plug-in Settings > Embedded Plug-ins: OFF

Permissions > Authentication/Accounting > Authentication/Accounting Type: Remote

Permissions > Authentication/Accounting  > Advanced Settings > Limit Login Attempts of System Administrator: 5

Permissions >  Authentication/Accounting > Authentication/Accounting Type > Remote > Kerberos: ON

System > Logs > Audit Log: ON

System > Security > Certificate Settings: Depending on PKI

System > Security > Certificate Revocation Settings > Level of Certificate Verification: HIGH

System > Security > Certificate Revocation Settings > CRL Retrieval > Auto Retrieval of CRL: ON

System > Security > SSL/TLS Settings > POP3 TLS Communication: ON

System > Security > SSL/TLS Settings > Verify Remote Server Certificate: ON

Apps > Scan > Common Settings > PDF/DocuWorks Signature Settings > DocuWorks Signature Hash Algorithm: SHA-256

Job > Job Settings > Completed Jobs View: REQUIRE LOGIN TO VIEW JOBS

Job > Job Settings > Completed Jobs View: LOGGED-IN USER ONLY

Permissions > Permissions > Access Control > Job Operation Restrictions > Pause/Delete: JOB OWNERS AND ADMINISTRATORS

Permissions > Permissions > Access Control > Job Operation Restrictions > Continue Print: JOB OWNERS AND ADMINISTRATORS

Permissions > Permissions > Access Control > Job Operation Restrictions > Promote Print Job: JOB OWNERS AND ADMINISTRATORS

System > Security > Service Representative Operation Settings > Operation Restriction > Enable: ON + Complex Password

Permissions > User Accounts: Complex Values

Permissions > Access Control > Feature Access > Print Files from Folder: Locked

Permissions > Authentication/Accounting > Password Policy > Minimum Length: 12

Permissions > Authentication/Accounting > Password Policy > Maximum Length: 63

System setting > Other Setting > DataEncryption [only Local UI settings]: ON + Complex Password

Network > Protocols > SMB > NetBIOS: OFF

 

Ricoh IM Series System Firmware

Company Name: Ricoh

Model Name: IM C Series System Firmware

Test Date: October 30 2023

Test Results Valid Through: November 30 2025

Test Version: Device Penetration

Serial Number:

Firmware Version: IM C Firmware version 1.x

Product Families that Share this Firmware Platform: Ricoh brands IM Cxxxx

Settings changed from default configuration for test

Ricoh IM C Firmware Ver. 1.0

Firmware sub-modules:

System/Copy v2.2

Network Support v18.54

Web Support v2.19

Fax v02.01.00

Scanner v02.01

Web Uapl v2.00

NetworkDocBox v2.00

Animation v2.01

Printer v2.12

RPCS v3.23.13

Font EXP v1.0

PCL v1.01

IRIPS PS3 v1.00

IRIPS PDF v1.05

IRIPS Font v1.15

Graphic Data v2.00

MovieData v1.00

MovieData2 v1.00

MovieData3 v1.00

Data Erase Onb v1.05

PowerSaving Sys F.L3.23.1

RicohACT v1.0

 

As tested in the Ricoh IM C4510

Settings changed from defaults after a firmware upgrade as follows:

 

Wireless and Networks:

  • Port forwarding to Machine, Port Forwarding changed to “inactive”

Screen Device Settings:

  • Screen SD Card Slot:  to inactive
  • Screen USB Memory Slot:  To inactive
  • Recovery by Wireless Connection:  To inactive

Web Browser:

  • Prohibit Entering URL:  to Active
  • Form Data/remember form data:  To inactive
  • Form Data/remember Passwords:  To inactive
  • Cookies/Accept Cookies:  To inactive

Advanced:

  • Enable JavaScript:  To inactive
  • Enable Plugins:  To Off

Bandwidth Management:

  • Search Result Preloading:  To Never
  • WebPage Preloading:  To never
  • Load Images:  to Never

Web Browser NX:

  • Save Cookie:  To “do not save”
  • Restrict Usage for Users:  To Restrict

Device Settings:

System:

Media Slot Use:

  • Store to Memory Device:  Prohibit
  • Print from Memory Storage Device:  Prohibit

Timer: 

  • Sleep Mode Timer:  set to 60 seconds

Logs:

Job Logs

  • Job log:  Active
  • Job log Collect level:  Level 1

Access Logs:

  • Collect Access Logs:  Active
  • Access Log Collect Level:  Level 2

Eco-Friendly Logs:

  • Collect Eco-Friendly logs:  Active
  • Eco-friendly log Collect Level:  Level 2

SYSLOG Transfer Setting:

  • Transfer to SYSLOG Server:  Inactive

 

Administrator Authentication Management:

  • User Administrator Authentication:  On
  • Available Settings for User Administrator:  “checked” Administrator Tools
  • Machine Administrator Authentication:  On
  • Available Settings:  “checked” General Features, Tray paper settings, Timer settings, Interface, File Transfer, Administrator Tools, Maintenance.

  • Network Administrator Authentication:  On
  • Available Settings:  “checked” File Transfer, Interface, Admin tools
  • File Administrator Authentication:  On
  • Available settings:  “checked” Admin Tools

 

Kerberos Authentication:

  • Encryption Algorithm:  “unchecked” all but AES 256-CTS

 

Interface Settings:

  • USB:  To Inactive

 

IPv4:

Details:

  • DDNS:  Inactive
  • WINS:  Inactive
  • RSH/RCP:  Inactive
  • LPR:  Inactive
  • DIPRINT: Inactive
  • FTP:  Inactive
  • WSD (device):  Inactive
  • WSD (Printer): Inactive
  • WSD (Scanner): Inactive
  • IPP:  Inactive
  • RHPP: Inactive

IPv6:

  • All settings and features to inactive

SMB:

  • SMB:  Inactive

SNMP v1: 

  • All settings and features to inactive

SNMP v3:

  • IPv6:  Inactive
  • Authentication Algorithm:  SHA1
  • Account User:  Entered new password
  • Encryption Password (user):  Entered new encryption password

SSDP: 

  • SSDP:  To Inactive

Bonjour:

  • IPv6:  To Inactive

 

Network Security:

  • HTTP Port 80:  Close IPv4 and IPv6
  • SSL/TLS Port 443-Permit SSL/TLS Communication: changed to “Ciphertext”
  • TLS 1.0:  Inactive
  • TLS 1.1:  Inactive
  • SSL 3.0:  Inactive
  • AES 128 : Inactive
  • 3DES:  Inactive
  • RC4:  Inactive
  • RSA Key Exchange: Inactive
  • SHA – 1: Inactive
  • Telnet: Inactive
  • NetBIOS over TCP/IPv4:  Inactive
  • SNMP v1: Inactive
  • SNMP v2: Inactive

S/MIME:

  • Authentication Algorithm: SHA-512
  • Encryption Algorithm:  AES-256

Kerberos Authentication:

  • All off but AES-256

Driver Encryption Key:

  • Encryption Strength:  AES

User Lockout Policy:

  • Lockout:  Enable

 

Extended Security:

  • Authenticate Current Job:  To Access Privilege
  • Restrict Display of Use Information:  On
  • Enhance File Protection:  On
  • Restrict Use of Destinations (address books):  On
  • @Remote Service:  Prohibit

Misc./Notes:

  • Close Telnet Ports:
  • Nat_u Filter On
  • Close TCP 111, 1022, 1023, 2049, 54080, 54443
  • Close UDP 1022, 1023
  • Commands:
  • Nat_ui port_filter_cats on
  • Set RFU Down (for remote firmware update)
  • Set NRS Down  (remote metering to off)