Information security measures for Digital Multifunction Printer (MFP)
Our information security measures
FUJIFILM Business Innovation has been working on enhancement of information security and ensuring quality by expanding various security functions, compromising response for encryption algorithm, and so on at the development of products to solve customers' information security challenges.
In recent years, sophisticated cyber-attacks such as injection of malicious parts or programs into a product have been on the rise, exploiting a vulnerable point in product supply chains. We have been the first to work on the supply chain security to ensure the integrity of our products throughout their lifecycle.
OVERVIEW
Security Certification / Third Party Evaluation
FUJIFILM Business Innovation has recognized the importance of balance between pursuing added value features and improving their security for a long time. To guarantee MFP security reliability, FUJIFILM Business Innovation has acquired "ISO/IEC15408" certification, which is an international standard for design and operations of information technology security with MFPs and acquired security certification (BLI Security Seal - Device Penetration) by passing the Security Validation Program of Keypoint Intelligence, a U.S. independent assessment agency.
In addition, to protect our products against recent rising cyber-attacks that exploit the vulnerable point in product supply chains, we have built processes to ensure integrity throughout the product lifecycle and obtained a self-assessed certification for ISO/IEC 20243, an internationally standardized supply chain security.
Data breach caused by operational errors of administrators and users
Preventing configuration / operation mistakes and improving the awareness of document handling
Security warning message for global IP address
Scanned documents to be delivered to / stored in fixed destination
Suppressing erroneous fax transmission
Block fax reception
Print lockout duration
Suppress data breach from printed documents
Ver. 21.26.4
For the detail of ISO/IEC 15408 certification, please refer to the site of “The Common Criteria”.
Unauthorized operations by other users
User authentication and permissions
User authentication
Restriction in use of functions
Automatic logout
Secure Print / Private Charge Print
Unified user authentication and permission control
Software tampering
MFP Software Integrity
Vulnerability detection and software update
Ensures the integrity when updating software
Ensures the integrity at startup
Ensures the integrity during operation
Fax ROM
Ver. 2.2.1
Product Certificate
FUJIFILM Business Innovation Multifunction Printers Security White Paper
FUJIFILM Business Innovation makes further efforts to help customers ensure information security through application of cutting-edge technologies to products, appropriate quality management, swift response, and provision of sophisticated information security services.
Please refer to the FUJIFILM Business Innovation Multifunction Printers Security White Paper.
MFP SECURITY THREATS AND MEASURES
Eavesdropping of communication and tampering of data
Protection of communication and data
SSL/TLS and IPsec
SMBv3, SFTP
FIPS 140 compliant
Digital certificate verification
Disabling setting by network protocol or port interfaces
Encrypting scanned documents
Direct print of encrypted documents
E-mail encryption and e-mail signature
Data breach prevention between different interfaces
Audit log tampering
Audit log, protection of the log, and other log related functions
Audit Log
Audit Log Protection
SIEM linkage of audit logs
Restrictions on job information display
Document-specific identifier "UUID" print
To guarantee MFP security reliability, FUJIFILM Business Innovation has acquired "ISO/IEC15408" certification, which is an international standard for design and operations of information technology security with MFPs.
Certificated Products
Product
Ver. 1.0.20
Ver. 2.2.1
Apeos C3060 / C2560 / C2060
Ver. 21.26.4
Ver. 2.2.1
Apeos 3560 / 3060 / 2560
Unauthorized access to administration functions
Protection of administration functions
System administrator’s password
Account lock
Customer engineer operation restriction function
Centralized user profile management
Breach of document data stored on the device
Protection of document data stored on the device
Encrypting data stored on storage
Batch deletion of data in MFP storage
SECURITY CERTIFICATION / THIRD PARTY EVALUATION
"ISO/IEC15408" certification
Apeos C7070 / C6570 / C5570 / C4570 / C3570 / C3070
Controller ROM
BLI Security Validation Program
FUJIFILM Business Innovation has acquired security certification (BLI Security Seal - Device Penetration) by passing the Security Validation Program of Keypoint Intelligence, a U.S. independent assessment agency.
For the detail of BLI Security Validation Program, please refer to the site of “Keypoint Intelligence”.
ISO/IEC 20243
To protect our products against recent rising cyber-attacks that exploit the vulnerable point in product supply chains, we have built processes to ensure integrity throughout the product lifecycle and obtained a self-assessed certification for ISO/IEC 20243, an internationally standardized supply chain security.
For the detail of ISO/IEC 20243, please refer to the site of “The Open Group, O-TTPS Certification Program”.
AAAis (JaSRO)
In September 2020, we became the first in Japan to win the rating triple-A (AAAis) for the level of compliance with NIST SP800-171 (NIST Special Publication 800-171 rev.1) which is a guideline of security standards established by U.S. governmental agencies. Furthermore, in December 2022, we also became the first in Japan to win the highest rating AAAis for each security standard NIST SP800-171/172 in recognition of extremely high level of implementation that satisfies NIST SP800-172 requirements (five types of cybersecurity measures, “Identify”, “Protect”, “Detect”, “Respond” and“Recover”) in addition to NIST SP800-171.
For the detail of AAAis (JaSRO), please refer to the site of “JaSRO”.