The U.S. National Institute of Standards and Technology has instituted a security checklist program. Checklists can be developed not only by IT vendors, but also by consortia, cademia, industry, federal agencies and other governmental organizations, as well as other entities in the public and private sectors. A security configuration checklist (sometimes referred to as a lockdown guide, hardening guide or benchmark configuration) is essentially a document that contains instructions or procedures for configuring an IT product to a baseline level of security. Many technology devices have approved security checklists. However, HP is the first printer/MFP manufacturer to have a security checklist approved and published by NIST. Unlike other certifications, which often certify only certain features, the checklist program locks down or secures the entire MFP solution.
HP considers security checklists as a means to significantly improve the security capabilities' ease of configuration for imaging and printing products. HP submitted a security checklist for the HP LaserJet 4345 and 4370 printers in September 2006. At the time of submission, HP was the only hardcopy manufacturer to submit a checklist for review. HP plans to develop additional checklists for hardcopy devices in the future.
A checklist might include any of the following:
• Configuration files that automatically set various security settings (e.g., executables, security templates that modify settings, scripts)
• Documentation (e.g., text file) that guides the checklist user to manually configure software
• Documents that explain the recommended methods to securely install and configure a device
• Policy documents that set forth guidelines for such things as auditing, authentication security (e.g., passwords), and perimeter security