Scope
This document defines minimum security requirements for the protection of devices including identification and authentication, security management, software update, mass storage data protection, network data protection and PSTN Fax-Network Separation.
It can be applied to Office Equipment with network functions including printers, scanners, fax machines, digital copiers, and digital multi-function machines (HCDs).
Purpose
With the spread of IoT devices, cyber attacks targeting IoT devices are on the rise. Security measures for IoT devices are required in various countries around the world. In the field of office equipment as well, it is necessary for customers to use multifunction devices, printers, scanners, and fax machines that have network functions with peace of mind. Therefore, each manufacturer must provide products that incorporate the necessary security measures.
The purpose of this standard is to define the minimum requirements for cyber security measures for office equipment with network functions, and the evaluation methods and criteria for evaluating conformity with the requirements.
On the other hand, in Japan, in order to respond quickly to the recent social situation, JBMIA (Japan Business Machine and Information System Industries Association) which is the office equipment industry group is leading the security evaluation system based on the voluntary conformity declaration and is about to start operation in 2021.
This standard is based on the cyber security measure requirements and evaluation methods / judgment criteria used for its operation.
The following structure is proposed:
Part 1: define the high-level minimum requirements.
Part 2: evaluation methods and judgment criteria. Subsequent parts may be developed as required.
Comment on proposal
Required form fields are indicated by an asterisk (*) character.