dcsimg

Find an IT Download

Risk Management for Replication Devices

This publication provides guidance on protecting the confidentiality, integrity, and availability of information processed, stored, or transmitted on replication devices.


1.26 MB | 3 files | null PDF

A replication device (RD) is any device that reproduces (e.g., copies, prints, scans) documents, images, or objects from an electronic or physical source. For the purposes of this NISTIR, RDs include copiers, printers, three-dimensional (3D) printers, scanners, 3D scanners, as well as multifunction machines when used as a copier, printer, or scanner. RDs in use within organizations run the gamut in terms of age and functionality. Older, single-function devices may have no internal, nonvolatile storage and cannot be networked. Other devices may provide a variety of functions, be network-connected, run commercially available operating systems, contain internal, nonvolatile storage, and contain embedded internal print servers and web server capability. In between the two extremes, there may be RDs with network and/or storage functionality but no discernable means to configure them securely. Additionally, many organizations may not have an accurate inventory of RDs or recognize what functionality each device possesses, especially with respect to information (data) storage, processing, and transmission.

Managing the risks associated with RDs requires a basic understanding of threats, vulnerabilities, potential impact and likelihood of an event, and the identification and implementation of countermeasures or mitigation strategies. This publication provides guidance on protecting the confidentiality, integrity, and availability of information processed, stored, or transmitted on replication devices.

The attached zip file includes:

  • Intro Page.pdf
  • Terms and Conditions.pdf
  • Risk Mgmt Replication Devices.pdf

Related IT DOWNLOADS

Recent IT Downloads
Building a GRC Program: Assessing Stakeholder Needs and Readiness

This table outlines the top needs of each stakeholder group that can help guide your conversat...Read More

Recent IT Downloads
Guide to Cyber Threat Information Sharing

This publication provides guidelines for establishing and participating in cyber threat inform...Read More

Recent IT Downloads
Trustworthy Email

This document provides recommendations and guidelines for enhancing trust in email, including ...Read More