
Multi-Function Print Device’s (MFPD) are essentially computers that contain hard-drives and memory capable of capturing images. Data is stored on the device whenever someone prints, copies, scans, or faxes. The following information can help in protecting confidential data from unauthorized access.
Acquiring New MFPDs
-
Involve the agency IT staff or ITD in the procurement of MFPDs.
-
-
Acquire a data security kit with the ability to overwrite and remove data on all internal storage devices at the point of purchase or lease.
Retrofitting Existing MFPDs
For devices purchased prior to July 1, 2009, either
For devices leased prior to July 1, 2009
Maintaining MFPDs
- Involve the agency IT staff or ITD when vendors and administrative professionals are configuring devices.
- Include language in maintenance agreements disallowing vendors from changing or resetting security configurations (or instructing others to do so) without first involving the agency IT staff or ITD.
- Assign responsibility to the agency IT staff for securing MFPDs based on security best practices and network standards.
- Agencies should ensure that unnecessary communication protocols are disabled.
- Agencies should ensure that maintenance agreements and contracts include patching and that the agency IT staff or ITD is involved in the patching process.
- The Enterprise Architecture Operating System Critical Updates Standard states, "All PCs connected to the state network will be kept current with critical updates." This may be amended to include MFPDs in the future.
-