Security Validation Testing Program for MFPs & Printers
Posted March 2020
Regardless of industry but especially in the technology space, security is top of mind. From privacy concerns to identity theft, and everything in between, people seek protection—they need to feel protected.
Keypoint Intelligence – Buyers Lab has announced the launch of their proprietary Security Validation Testing. It is designed to validate three critical areas: Device Penetration, Policy Compliance, and Firmware Resilience of MFPs and printers.
“If not properly designed and secured, a company’s output devices can be an unlocked ‘back door’ serving as a conduit between the Internet and the corporate network. Our program establishes standards that all device manufacturers can strive to achieve, and cuts through the jargon and competing claims for purchasing decision-makers,” said Randy Dazo, Keypoint Intelligence’s President and CEO.
Device Penetration: A combination of automated tools and manual exploitation are used to probe for potential vulnerabilities in the device firmware/OS, ports, print protocols, embedded web page, connectivity avenues, and more.
Policy Compliance: Technicians employ the OEMs’ management tools to specify security settings and save those settings as a “policy” template, apply the policy across a fleet to ensure devices are in compliance, monitor those settings on an ongoing basis, automatically remediate devices that fall out of compliance, and more.
Firmware Resilience: Technicians use the OEMs’ tools and protocols to validate that devices are in compliance with the NIST SP 800-193 guidelines for platform resiliency of connected devices. The testing ascertains whether mechanisms are in place to protect the platform against unauthorized changes, and that the device can detect an attack and recover to a secure state automatically.
Notably, the Keypoint Intelligence – Buyers Lab program differs from Common Criteria Certification for output devices in that there is not only verification that a device has the prescribed set of features and that they are correctly implemented, but also hands-on testing to determine if vulnerabilities remain. OEMs that submit products for testing and pass one, two or all three tracks earn the right to license the Security Validation Testing seal to communicate to customers that the platform has passed the testing.
HP and Ricoh are the first to earn the Device Penetration Testing Seal
“We are thrilled that HP and Ricoh supported us in our initial round of testing, and just as thrilled to report that their platforms met the stringent criteria put forward in our Device Penetration test protocol,” Dazo said. “These actions are a testament to those companies’ commitment to product security and desire to raise the bar for the entire industry.”
TGI offers both Ricoh and HP equipment. We are often asked, “What is the difference between working with a manufacture verses a dealer?” When you select a dealer, like TGI, who offers multiple brands we can recommend which is best for your organization. If you are interested in learning more about TGI’s wide array of solutions, don’t hesitate to call TGI today at 1-866-468-4462 or reach out via our contact form.