Adopted by the Information Security Committee - September 1, 2010
Background
Multi-Function Devices (MFDs) are office machines that combine printing, scanning, faxing, emailing, and copying in one unit. They can also store and share large amounts of data across the network.
While these devices make campus printing and document handling more efficient, they can also expose confidential university information if not properly secured. This standard sets the minimum security requirements for all MFDs connected to the Thompson Rivers University (TRU) network.
Security Requirements
- Change default passwords. The administrator password must be changed from the factory default and follow the TRU Minimum Password Standard.
- Use secure connections. Remote setup and support must use HTTPS (SSL/TLS) on port 443.
- Control admin access. The Manager of Client Services must keep the list of people who have the admin password.
- Protect with a firewall. Block direct traffic to and from MFDs at the campus perimeter.
- Encrypt local storage. Any storage drive in the MFD must be encrypted.
- Do not store scanned or faxed files on the MFD. Scanned or faxed data must not remain on the device.
- Store files in secure network folders. Use folders that follow the Information Classification Standard.
- Secure the device location. Place MFDs in areas with restricted physical access.
- Wipe before removal or disposal. Before removing an MFD from the TRU network, securely wipe or reformat all storage media per the Information Classification Standard.
- Disable unused ports. Turn off any ports that are not needed.
- Disable unsafe services. Turn off FTP and Telnet.
- Secure SNMP. Change the SNMP community string from the default. If SNMPv3 is not used, disable SNMP.
- Restrict email (SMTP) use. Incoming SMTP must be off unless approved by the Information Security Committee. All SMTP traffic must use TRU mail relays.
- Limit network access to the MFD. Use IP filtering, MAC filtering, or network print servers to control who can connect.
Exceptions
Any exceptions to this standard must be approved by the CIO and Associate Vice President, Information Technology Services.
Expected Outcome
Following this standard ensures that Multi-Function Devices (MFDs):
- Operate securely within the Thompson Rivers University (TRU) network.
- Protect confidential and sensitive information from unauthorized access or data breaches.
- Meet the university’s data security and compliance requirements.