Printer Management Standard

Who is Affected by the Standard?

Question – Has this standard been communicated to the approved vendors and manufacturers? It seems like it could affect support expectations, and costs, particularly for leased systems.

Printer Acquisition: Note – First link gets a 404 error.

Printer Equipment Set up and Security: Firmware:
Question – are all approved vendors and manufacturers providing checksum data for verification?

Larger question – if a printer is acquired via the appropriate process under Printer Acquisition, but the vendors or manufacturers don’t provide checksum data or up to date firmware, as examples, what is the audit and remediation process?

• This reply was modified 8 years, 1 month ago by ccovey01.

Under who is affected by this standard, there is a misplaced “or” at the end of the first sentence. I believe it should read “This standard applies to any UNM organizational entity (i.e. branch, division, college, school, department, business unit, or other UNM affiliated organization), hereinafter referred to as a “department”, that intends to acquire,
maintain, or support print services.”

Under Responsibilities, does it make sense to list an office that has responsibility for negotiating printer lease agreements with vendors that adhere to the standard? We have been trying to move all printing to leased printers. Our preference would be to go with whatever vendor is providing maintenance at a level that matches the standard.

Will printer setup and security functions be handled by vendors under UNM printer lease agreements?

I am in favor of documented, well supported IT infrastructure, which this standard attempts to codify. Actual compliance with this standard will depend heavily on UNM / departmental ability to invest resources (staff, non-labor) to move from the current state where many areas cannot meet this standard to the desired future state. Given budget realities, I don’t know if that is realistic.

What is UNM IT’s policy when handling non-compliant printers if funds are not available to replace or implement additional security measures?

Has the information in this standard been communicated to UNM vendors? We have called vendors on the current contract to come and update device firmware and they have told us their policy is to not update firmware unless there is a functionality issue with the device. (Ricoh and Xerox specifically) Also, for security requirements related to network attached devices, are UNM print management vendors aware of what will not satisfy the standard for a UNM printer? Are they instructed to follow institutional requirements as part of the contract when quoting a device?

Is there a UNM IT offered printing service? Does it meet all the requirements of this standard? What are the costs associated with this service and where are those published? If UNM is currently offering print services for Managed Workstation customers or for use with the Banner ERP, are those systems compliant with this standard? Are OS X machines supported for the “UNM IT enterprise print server”?

Installation, Warranty and Equipment Maintenance
“Equipment Maintenance. Ensure that equipment is properly and routinely cleaned and maintained”
For leased devices is this the responsibility of the vendor?

Printer Equipment Set up and Security Section:
“Vulnerabilities. Stay current on patches for known vulnerabilities related to installed printers”
What is the scope of vulnerabilities? Firmware, Driver patches, workstation patches, server patches, etc.

Usage Section:
“Publish best practices for users of the printer”
What best practices need to be defined for the printer in terms of compliance with this standard?

Data Security Section:
“Data in Transit. Encrypt documents in transit to and from printers (print jobs and scans) to prevent eavesdropping on printer traffic”
Will best practices be published for how UNM Administration, Internal Audit, or UNM IT will determine if the printing solution implemented will satisfy compliance concerns.

“Physical security. Ensure that output trays are in monitored spaces and that only the authorized user can release sensitive documents sent to the printer”
What classifies as a “sensitive document”? Is print release being set as a requirement for all UNM owned printers? Have the data owners been notified about this requirement and addressed the concerns with printing services through the Banner ERP?

“Use additional anti-counterfeiting solutions on printers that use special paper” 
What constitutes an additional anti-counterfeiting solution? How will compliance be determined if enough additional anti-counterfeiting measures are not employed? For UNM official documents what is the minimum requirement to anti a document as genuine?

Trouble-Shooting and Technical Escalation Support Section:
“comply with Service Desk Standard for support of printers”
Where is the service desk standard?

“Ticket and track contacts made regarding printer, training or vendor support issues. Report on and use this information to improve support” 
Is there a standard report format to follow for auditing and compliances purposes?

Good afternoon,

Thank you for the feedback. Please know that we are reading every one of these responses and taking everything said into consideration. You will see changes made to standards that were inspired by these comments.

A few answers:

The standard has been communicated to Ricoh, Pacific Office, and Xerox. These are our three main vendors, and core IT works with them directly to ensure all standards are met, vulnerabilities are patched, and systems are up to date. I understand there has been some delay in the past. We have broached this subject with each of them and they are going to be more responsive in the future.

Vendors do provide checksum data for a good portion of their data, but not all. If it is provided, please use it to verify.

If the printer is found to be a security vulnerability, it will be pulled off the network. Please verify that the vendor provides security patches as needed before purchasing.

This standard is followed by the Core UNM print service, and it is compatible with OSX, Windows, and Linux (others too!). Please search fast info if you would like further information.

Many of the further questions can be answered by looking at the Service Desk SLA at http://discuss.unm.edu/document/service-desk-sla/

Thank you and keep the questions/comments coming!