Sarbanes-Oxley Compliance
Information Technology controls are an important part of complying with Sarbanes-Oxley. Under this Act, corporate executives become responsible for establishing, evaluating, and monitoring the effectiveness of internal control over financial reporting. There are IT systems on the market that are designed specifically for meeting these objectives. OKI Printing Solutions software (powered by PrintFleet) is not designed as an IT control system, but will not interfere with or put at risk other systems that are intended for that purpose.
RapidScan Security Document Overview
The RapidScan assessment application is a secure program that cannot harm a computer system or network or endanger any private information. The software used by the RapidScan assessment application resides on a non-dedicated networked server or a host computer that is powered on continuously.
Gramm-Leach-Bliley Act (GLBA) Compliance
The use of OKI Printing Solutions software applications (powered by PrintFleet) will not have an impact on compliance with the Gramm-Leach-Bliley Act (GLBA) for covered entities. This is because OKI Printing Solutions software applications (powered by PrintFleet) do not collect, house, or transmit any information regarding the content of print jobs, and thus have no way of accessing, housing, or transmitting customers’ personal financial information, even if this information is printed or otherwise sent to print devices monitored by OKI Printing Solutions software applications (powered by PrintFleet).
Installing the Data Collection Agent (DCA)
The RapidScan Data Collector Agent, powered by PrintFleet, is a software application that is installed at each location where imaging device metrics are to be collected. The DCA runs as a Windows service (or, optionally, a scheduled task), allowing it to operate 24 hours a day, 7 days a week.
Types of Information Collected
The RapidScan (powered by PrintFleet) DCA attempts to collect the following information from printing devices during a network scan:
• Toner cartridge serial number
• IP Address
• Maintenance kit levels
• Device Description
• Non-toner supply levels
• Serial number
• Asset number
• Meter reads (multiple)
• Location
• Monochrome or color identification
• MAC address
• LCD reading
• Manufacturer
• Device status
• Firmware
• Error codes
• Miscellaneous
• Toner levels
No print job or user data is collected.

Federal Information Security Management Act (FISMA) Compliance
OKI Printing Solutions software (powered by PrintFleet) is not intended to be part of an internal control system for FISMA, but will not interfere with these controls. The use of OKI Printing Solutions software applications (powered by PrintFleet) will not have an impact on compliance with the Federal Information Security Management Act (FISMA) for covered entities. This is because OKI Printing Solutions software applications (powered by PrintFleet) do not collect, house, or transmit any information regarding the content of print jobs, and thus have no way of accessing, housing, or transmitting high risk information, even if this information is printed or otherwise sent to print devices monitored by OKI Printing Solutions software applications (powered by PrintFleet).
Data Collection and Transmission Methods
The DCA collects imaging device metrics at a specified interval using SNMP, ICMP and HTTP; it then transmits the data to the centralized database via HTTPS (port 443 – recommended), HTTP (port 80), FTP (port 21/port 20), or SMTP (port 25, sends via e-mail). It is recommended that users transmit data using HTTPS, because this provides SSL 128-bit encryption of the data during transmission. HTTP, FTP, and SNMP do not provide encryption. To transmit using HTTPS, the machine receiving the transmitted data must have an SSL security certificate installed.

Network Traffic
The network traffic created by the DCA is minimal, and will vary depending on the number of IP addresses being scanned. The table below outlines the network load associated with the DCA.

| Event | Approximate Total Bytes |
| DCA Scan, 1 printer | 7,260 |
| DCA Scan, 1 printer, 1 subnet | 96,300 |
| DCA Scan, network of 13 printers | 111,530 |

Hosted Server Information
The data that is collected by the RapidScan assessment is stored by OKI Printing Solutions on off-site server hardware with assured physical security. These hosted servers are stored in a class “A” data center with the following security measures:
• Redundant, computer grade air conditioning and humidity control systems
• Gas fire suppression system and pre-action sprinkler systems
• Biometric access control systems and video camera surveillance with 24/7 on-site security personnel
Additionally, these hosted servers are provided with the following measures to guarantee maximum uptime and prevent data loss:
• Redundant fiber-based backbone connections to multiple Tier 1 Internet backbone providers
• Full UPS battery and diesel generator power backup that supports in-use refueling
• Automated data backup

Federal Law Compliance
The use of the RapidScan assessment software application will not impact compliance with the following laws:
• Health Insurance Portability & Accountability Act (HIPAA)
• Sarbanes-Oxley
• Gramm-Leach-Bliley Act (GLBA)
• Federal Information Security Management Act (FISMA)

Health Insurance Portability & Accountability Act (HIPAA) Compliance
The use of RapidScan software applications will not have an impact on compliance with the Health Insurance Portability & Accountability Act (HIPAA) for covered entities. This is because OKI Printing Solutions (powered by PrintFleet) software applications do not collect, house, or transmit any information regarding the content of print jobs, and thus have no way of accessing, housing, or transmitting electronic protected health information (ePHI) as defined by HIPAA. continued…

System Requirements
• Hardware: Non-dedicated server powered on 24 x 7. The DCA can be installed on a desktop powered on 24 x 7 if a server is not available (transmission difficulties could result).
• Operating system: Windows XP, Windows Server 2003, Windows Server 2008 or Windows Vista*
• Network Card: 100mbit or higher
• RAM: 512 MB or higher
• Microsoft .NET Framework 2.0 installed
• Internet connected browser
Important: Do not install the DCA on a laptop!

Network Requirements
• TCP/IP configured
• Port 443 (HTTPS), or port 80 (HTTP), or port 21/20 (FTP) must be open for automatic transmission of collected data