GCN Hot Topics:

Peripheral threats

Sidebar | Security for peripherals

The Institute of Electrical and Electronics Engineers is developing a series of security standards for selecting, installing, configuring and using peripherals such as printers, scanners, copiers and fax machines.

The P2600 series of standards defines rules for authentication, authorization, privacy, and physical and information security. They will define protection profiles for four operational environments.

Creating a consensus on security standards can be daunting — and just coming up with names can be a challenge, said working group chairman Don Wright of Lexmark. “We could never get a broad agreement on names for the environments, so we call them A, B, C and D,” he said.

The protection profiles for the four operational environments are:

IEEE P2600.1 for Operational Environment A, the most rigorous, will address hard-copy devices in restrictive commercial information-processing environments requiring a relatively high level of document security and accountability. This would include trade secrets and material subject to legal regulation.
IEEE P2600.2 for Operational Environment B will cover moderate security needs for day-to-day proprietary information.
IEEE P2600.3 for Operational Environment C will address public-facing systems in which document security is not guaranteed but some level of access control is needed. Such environments could include retail copy centers, public libraries and Internet cafes.
IEEE P2600.4 for Operational Environment D, the least rigorous, will address small, private environments where only a basic level of network security from outside abuse is needed. This could include small and home offices.