This document defines basic security requirements for the protection of hard copy devices (HCDs) including identification and authentication, security management, software update, field-replaceable nonvolatile storage data protection, network data protection and public switched telephone network (PSTN) fax-network separation.

It can be applied to office equipment with network functions including printers, scanners, fax machines, digital copiers, and digital multi-function machines, specifically for small office and home office users.

This document assumes a small, private information processing environment in which most elements of security are provided by the physical environment. In such an environment is assumed to be physically and logically protected from threats originating from outside of that environment, typically by limiting physical access to the HCD and connecting it to a LAN that is protected from the public Internet. A small office or home office would be a typical example of this environment.

Please note that the requirements outlined in this document are not intended to replace the existing Common Criteria Certification for hardcopy devices which ensure the minimum-security requirements for enterprise environment. For example, aspects being required in Common Criteria Certification such as audit data generation, self-test capabilities, and protection of key material are not adequately addressed.