S 4.299 Authentication for printers, copiers, and all-in-one devices

Initiation responsibility: Head of IT, IT Security Officer

Implementation responsibility: Administrator

In normal daily office life, it is often easy to see printouts of confidential documents directly on the printer because they have not been picked up yet. For this reason, safeguards must be implemented to make accessing other people's documents more difficult.

In general, only authorised persons should be given access to the printed or copied documents. The group of authorised persons is to be kept as small as possible.

If access to a network printer cannot be restricted, then the use of devices providing an authentication function for users should be considered. When this function is activated, the document can only printed after the user who sent the corresponding print job has provided identification and been authenticated on the device. In actual practice, chip cards or PINs are often used for authentication purposes. In this case, PINs can be specified for each user or each document, depending on the type of device. When specified for each document, a PIN is first defined when the print job is sent. Only after the user enters this PIN on the device will the document assigned to the PIN be printed. Print jobs that were sent but not picked up must be deleted at regular intervals. The printer should be configured so that a print job is automatically deleted if the wrong PIN is entered several times in a row, if this is possible.

An additional gain in security can be obtained when the document to be printed is transmitted from the workstation PC to the printer in encrypted form and stored there in encrypted form. The document should only be decrypted and printed after successful authentication directly on the printer.

There are also copiers available that provide a similar authentication function, usually as an optional extension. The user can only make copies after a chip card is read in or a PIN entered. Although these authentication functions are mainly offered for cost accounting purposes, these types of extensions also make it more difficult for unauthorised persons to make copies.

If highly confidential documents often need to be printed on network printers or are often duplicated on copiers, then the use of devices with authentication capabilities should be considered to fulfil these functions.

Review questions:

• Are unauthorised persons prevented from accessing the printouts?
• Are there control mechanisms implemented to prevent unauthorised copies of documents being made?