HP Commercial LaserJet Printers and MFPs - Imaging and Printing Security Best Practices

Chapter 1 HP LaserJet and Color LaserJet MFP Security Checklist 3
MFP Environment
NIST defines several types of user environments, many of which are compatible with HP LaserJet
and Color LaserJet MFPs. However, this checklist is written for MFPs in an enterprise environment or
a small to medium business environment. These environments use most of the network features
available with MFPs. This entire checklist can be configured using HP Web Jetadmin. You should
configure as much of this checklist as possible while adapting the settings to your specific situation.
Assumptions
This checklist makes some assumptions about network administrators and about enterprise
environments:
Network administrators: This checklist assumes that readers are trained network
administrators who are familiar with common networking practices such as configuring HP
Jetdirect connections and using HP Web Jetadmin. Administrators should have read the
MFP user guide, the MFP administrator guide, the Jetdirect administrator guide, Web
Jetadmin user guides, and help files. This checklist relies on these materials for necessary
information. All of these guides are available by searching for them at hp.com.
MFPs: This checklist covers security settings for specific HP LaserJet MFPs and HP Color
LaserJet MFPs. It is meant to enable you to configure multiple MFPs simultaneously. It
assumes that the MFPs are turned on, connected to the network, and in the factory default
state.
Most of the settings recommended in this checklist apply to other HP MFPs and printers;
however, this checklist is tested and known to be successful only with the specified MFP
models.
Updated firmware: This checklist assumes that each MFP has updated system firmware and
Jetdirect firmware. You should use the latest firmware available, but realize that updated
firmware may have new features not covered in this checklist. Updated firmware is
available for download and installation at hp.com.
Web Jetadmin Version 10.x: This checklist is written for use with HP Web Jetadmin Version
10.1 and above.
Enterprise environment: This checklist is created and tested in a TCP/IP enterprise
environment. However, most of the settings are applicable to any network.
Network connection: This checklist assumes that each MFP is connected directly to a local
area network via Jetdirect or Jetdirect Inside (JDI). Other connections, such as direct-
connect via parallel cable or via USB are not covered in this checklist (this checklist
recommends disabling direct-connect ports).
Settings are only suggested: All settings in this checklist are meant only as suggestions for
best-practice security in common enterprise environments. Use it as a reference, and make
judgments about each recommended setting before configuring your MFPs.
Internet and intranet security: This checklist assumes that your network includes basic
security configurations and components. All MFPs should be installed behind network
firewalls and other standard tools such as updated virus protection applications.