Multi-Function Deviceget help

(Draft)

These standards set the minimum acceptable security requirements for any Multi-Function Devices (MFDs) attached to the Simon Fraser University (SFU) network. MFDs generally include printing, scanning, faxing, and copying capabilities. SFU has introduced MFDs throughout the campus as a way of reducing the need for multiple devices, to realize cost savings, increase ease of use, reduce impact on the environment, and provide efficiencies of process. MFDs provide great value to the University, but have also opened SFU to additional risks of a breach of confidential information. These standards have been developed to secure university data while providing for operational efficiency and availability.

Standards

  • The MFD administrative console password must be changed from the factory default, and comply with the Simon Fraser University Password Strength Standard.
  • Remote configuration and support must use secure protocols (https and SSL) over port 443.
  • An access control list for the administrative console password must be maintained by the Director of Client and Research Services.
  • A firewall rule must be maintained that prevents ingress and egress from the campus perimeter to all MFDs.
  • All local drives on the device must be encrypted.
  • Scanned or faxed data must not be stored locally on the device.
  • Scanned and faxed data may be stored in secure network directories and must meet the University’s Information Classification Standard.
  • All MFDs should be secured in areas with restricted access.
  • For any MFD that will be permanently removed from the SFU network, all storage media must be re-formatted to meet the University’s Information Classification Standard for disposal, before being removed from the University.
  • Any unused ports must be disabled.
  • FTP and Telnet services must be disabled.
  • The SNMP community string must be changed from the factory default.
  • If SNMP version 3 will not be used it must be turned off.
  • Incoming SMTP traffic must be disabled by default. If it is to be used by a department, it must be approved by the Information Security Committee.
  • All SMTP traffic must use SFU’s mail relays.
  • Access controls to the MFD should be IP filtered, MAC filtered, or filtered through the use of network print servers.

Exceptions

Exceptions to this Security Standard can only be granted by the CIO.