Security for MFPs and Printers
KYOCERA continues to enhance information security to protect our customers' information assets.
KYOCERA's efforts towards MFP and printer security
KYOCERA Document Solutions Inc. (referred to as KYOCERA, hereafter) recognizes the importance of assuring information security in KYOCERA MFPs and printers in the customer's environment, and informs the customers of its importance.
KYOCERA's first priority is to securely protect the customer's information assets. We are taking necessary actions on numerous security measures to protect the customer's information assets against threats that are increasingly sophisticated and diverse. While constantly working to enhance the usability of the KYOCERA MFPs and printers, KYOCERA is simultaneously striving to maintain and improve the high levels of security on the KYOCERA MFPs and printers, corresponding to each customer's working environment.
KYOCERA understands the importance of open communication with and feedback from customers on security questions and concerns about our products and we will promptly reply to all customer inquiries.
KYOCERA is putting strong and focused effort into developing security functions that will provide more security when using KYOCERA MFPs and Printers. We are also developing MFPs that comply with the Common Criteria international security standard (ISO/IEC 15408) so that customers will be able to use our products with ease. KYOCERA products will be certified under IEEE 2600.1, which is an international security standard for hard copy devices enacted in 2009. In addition, the Federal Information Processing Standard, FIPS 140-2 certified hard drive is available for some KYOCERA device models for sensitive data protection. KYOCERA will continuously drive further improvements in security enhancement as standards develop or new technologies evolve to protect the KYOCERA devices.
Information security that must be assured in MFPs and printers
Information security is to protect information assets such as printed documents, address books and the like, against information leaks, data alteration and denial of service attacks, and other such threats while maintaining the three security attributes (CIA) : Confidentiality, Integrity and Availability.
KYOCERA develops MFPs and printers while having awareness of the three security attributes (CIA) in order for customers to securely use the KYOCERA products.
Confidentiality means that only persons who are authorized to access information assets can access and use these information assets. To maintain Confidentiality, we must prevent unauthorized access to information assets. For example, identification and authentication functions on KYOCERA MFPs and printers, enable appropriate access control to prevent unauthorized disclosure of customer's information assets on MFPs and printers.
Integrity means that information assets must be accurate and correct. To maintain Integrity, information assets must be protected against unauthorized alteration by a malicious third party. For example, the usage of encryption functionality helps ensure data protection and prevents alteration of information assets on MFPs and printers.
Availability means that information assets must be accessible when authorized users need to access them; while maintaining Confidentiality and Integrity. To maintain Availability, information assets must be available at the exact timing when an authorized user wishes to use it. For example, the usage of the interface block function and the like, restricting access to devices via a network, help protect interfaces from denial of service attacks to MFPs and printers.
Product lifecycle security
KYOCERA believes that security measures are necessary throughout to the product lifecycle from the time of device installation and operation through decommission. (Figure 1)
In the Installation phase, passwords and usage restrictions can be set. In the Operation phase, access control, stored data protection and audit logs, security updates and the like are performed to support secure usage of the products. In the Decommission phase, initialization and internal data sanitization can be performed to prevent malicious parties from taking data from the device after disposal.
Product development lifecycle security
KYOCERA implements appropriate security countermeasures with respect to the different phases in the product development lifecycle of planning, development, evaluation, production and sales.
In the planning phase, we continuously check for the newest security trends and vulnerability information. We extract and analyze security requirements based on customer's security requests so that we will be able to incorporate them in our new models and solve any issues in an early stage.
In the development phase, we develop security functions for customers to use KYOCERA products in a more secure way. We strictly check potential vulnerabilities to ensure we do not embed these known items.
In the evaluation phase, our products are not only passed through internal evaluation, but also through objective security evaluations by third-party laboratories.
In the production phase, we establish a secure environment and ensure secure production by strictly following an operation process manual that enables us to perform precise operations.
Even after sales, we strive to respond promptly to any security concerns from the market. (Figure 2)
Furthermore, KYOCERA is working to ensure the KYOCERA products comply with the Common Criteria international security standard certification (known as ISO/IEC15408) that is granted when a third-party laboratory objectively determines that security functions on the products have gone through the comprehensive and rigorous process of planning, development, evaluation, production and sales phase, and then function correctly at the customer's site.