标准摘要
[中文适用范围]: 本文件定义了保护硬拷贝设备 (HCD) 的基本安全要求,包括识别和认证、安全管理、软件更新、现场可更换的非易失性存储数据保护、网络数据保护和公共交换电话网络 (PSTN) 传真网络分离。它可应用于具有网络功能的办公设备,包括打印机、扫描仪、传真机、数字复印机和数字多功能机,特别是针对小型办公室和家庭办公室用户。本文件假设一个小型的私人信息处理环境,其中大多数安全元素由物理环境提供。在这样的环境中,假定在物理和逻辑上受到保护,免受来自该环境外部的威胁,通常是通过限制对 HCD 的物理访问并将其连接到受公共互联网保护的 LAN。小型办公室或家庭办公室是这种环境的典型示例。请注意,本文件中概述的要求并非旨在取代现有的硬拷贝设备通用标准认证,后者可确保企业环境的最低安全要求。例如,通用标准认证中要求的审计数据生成、自检能力以及密钥材料保护等方面尚未得到充分解决。 [外文原描述]: This document defines basic security requirements for the protection of hard copy devices (HCDs) including identification and authentication, security management, software update, field-replaceable nonvolatile storage data protection, network data protection and public switched telephone network (PSTN) fax-network separation. It can be applied to office equipment with network functions including printers, scanners, fax machines, digital copiers, and digital multi-function machines, specifically for small office and home office users. This document assumes a small, private information processing environment in which most elements of security are provided by the physical environment. In such an environment is assumed to be physically and logically protected from threats originating from outside of that environment, typically by limiting physical access to the HCD and connecting it to a LAN that is protected from the public Internet. A small office or home office would be a typical example of this environment. Please note that the requirements outlined in this document are not intended to replace the existing Common Criteria Certification for hardcopy devices which ensure the minimum-security requirements for enterprise environment. For example, aspects being required in Common Criteria Certification such as audit data generation, self-test capabilities, and protection of key material are not adequately addressed.
英文名称Office equipment - Security requirements for hard copy devices (HCDs) - Part 1: Definition of the basic requirements