canon SP 800-193 Printers and Multifunction Devices User Guide
- June 14, 2024
- Canon
Table of Contents
canon SP 800-193 Printers and Multifunction Devices
Preface
It is essential for organizations concerned about cybersecurity risks to take the following actions:
- Manage and protect important information that is handled by systems.
- Implement measures to counter cybersecurity risks (such as unauthorized access and the leak of confidential data).
As cybersecurity risks have grown more sophisticated and complicated in recent years, more advanced standard frameworks and security guidelines have been published. Those frameworks and guidelines are intended to support organizations in effectively implementing measures to counter ever-evolving cybersecurity risks.
One such standard framework is the Cybersecurity Framework (hereinafter “CSF”) issued by the National Institute of Standards and Technology (hereinafter “NIST”) in 2014. The official name of the framework is “Framework for Improving Critical Infrastructure Cybersecurity.” The NIST CSF has been created for the purpose of improving cybersecurity risk management in critical infrastructure, and is referenced by organizations in the United States and various other countries. By using such frameworks as tools for managing cybersecurity risks, organizations can determine the cybersecurity measures that are the most essential for protecting critical services. Thus, organizations can prioritize areas for investment and maximize their returns on those investments.
NIST has developed more specific guidelines defining the measures and management requirements for cybersecurity according to the NIST CSF. In 2018, NIST issued NIST SP 800-193 as “Platform Firmware Resiliency Guidelines.” There are no statements indicating a direct relationship between NIST CSF and NIST SP 800-193. However, the concepts of detection and recovery described in NIST CSF correspond to the detection and recovery functions that devices should have, as indicated in NIST SP 800-193.
The purpose of this white paper is to assist organizations who adopt and manage Canon devices in considering cybersecurity measures. First, this white paper briefly outlines the NIST CSF as a context for the cybersecurity functions provided by Canon devices. This white paper also indicates the functions provided by Canon devices to help meet the requirements defined in NIST SP 800-193 cybersecurity guidelines.
Cybersecurity Measures of Canon Devices
Printers/multifunction devices connect to the network of systems at organizations and handle important information such as document data. Therefore, printers/multifunction devices require many of the same security measures as other information devices. Canon devices provide functions designed to meet the five elements required for cybersecurity, which are “Identify,” “Protect,” “Detect,” “Respond,” and “Recover.” These five elements are defined as framework core functions in the NIST CSF. By comprehensively implementing measures for these five functions, you can not only help protect your organization from cybersecurity risks, but you may also be able to swiftly discover and take measures needed to recover from cybersecurity risks. As cyberattacks have become more sophisticated, the importance of the “Detect,” “Respond,” and “Recover” functions has increased, and Canon devices have enhanced the measures that provide for those functions.
The next section describes the security functions of Canon devices that are effective for cybersecurity measures. Of the five framework core functions of NIST CSF, the next section focuses on the “Detect,” “Respond,” and “Recover” functions, which are closely related to NIST SP 800-193.
The Five Framework Core Functions
Identify| Develop an organizational understanding to manage cybersecurity risk
to systems, people, assets, data, and capabilities.
---|---
Protect| Develop and implement appropriate safeguards to ensure delivery of
critical services.
Detect| Develop and implement appropriate activities to identify the
occurrence of a cybersecurity event.
Respond| Develop and implement appropriate activities to take action regarding
a detected cybersecurity incident.
Recover| Develop and implement appropriate activities to maintain plans for
resilience and to restore any capabilities or services that were impaired due
to a cybersecurity incident.
Detect/Respond/Recover
Cyber Resilience
Cyber resilience is the act of preparing to detect attacks and swiftly restore
systems to their original state, in order to minimize the damage of a
cyberattack. Cyber resilience requires measures from three perspectives:
- Detecting cyberattacks
- Responding to detected cyberattacks
- Restoring systems from the damage of cyberattacks
Canon devices provide functions for addressing these cyber resilience measures.
Verify System at Startup
For verifying system integrity, Canon devices provide the hardware-based
Verify System at Startup function. It checks system integrity by verifying
that the programs of all system software including firmware and applications
have not been tampered with when the device starts. If modifications are
detected, this function stops the startup process to prevent unauthorized
programs from causing damage. This function is designed to stop attacks that
are as yet unknown, and provides more robust security features. Some products
have a function that automatically performs the recovery process when
tampering is detected.
Preventing Firmware/Application Tampering
Canon devices verify digital signatures when the firmware is updated or when
an application is installed. This function is designed to prevent unauthorized
programs from being installed on the devices.
Functionality in Support of Cybersecurity Guidelines
This section describes how the cybersecurity measures of Canon devices respond to the security requirements defined in cybersecurity guidelines. This white paper covers the NIST SP 800-193 cybersecurity guidelines.
Cybersecurity Guidelines
NIST SP 800-193
In these guidelines, the platform is considered as a combination of hardware
components and the firmware that operates those hardware components. The
firmware is the low-level software that initializes hardware components, and
loads and executes system software. In order to maintain a computing system in
a valid state without being subjected to cyberattacks such as malware
injections, it is important to keep this firmware in a valid state.
Section 4 of the NIST SP 800-193 guidelines defines technical requirements for
maintaining the firmware in a valid state. These requirements are further
categorized into four sections, and cyber resiliency properties are
categorized into three levels, based on the degree that the platform meets the
requirements. A list of the properties and requirements to meet such
properties are indicated below. The scope of requirements to meet differs for
each property.
List of Cyber Resiliency Properties
| Property | Description |
|---|---|
| Protected | Meets the protection guidelines found in Sections 4.1 and 4.2, but |
may not fully offer capabilities to recover the device’s firmware and/or
critical data.
Recoverable| Provides the means to detect corruption as described in Sections
4.1 and 4.3, and provides the means to recover from this corruption in
compliance with the guidelines in Sections 4.1 and 4.4.
Resilient| Meets all of the guidelines in Section 4. Designed such that a
compromised device will not impact the security of the platform as a whole.
Provides mechanisms to detect and recover from malicious or accidental
problems that occur.
Canon Devices Functionality in Support of Cybersecurity Guidelines
The Canon devices support for the requirements of NIST SP 800-193 is indicated
below. The indicated support capability for the Product Groups applies only
when the Verify System at Startup function described in Section 2 of this
white paper is enabled. The indicated support does not apply when a Canon
device is used with the default settings. See the manuals of each product for
information on the method for changing the settings. Product group A supports
the requirements for “Protected”, and product group B supports the
requirements for “Resilient”.
List of Requirement Compatibility
Requirement| Product
Group A
| Product
Group B
| Remarks
---|---|---|---
Root of Trust (Section 4.1)| Supported| Supported| The product group has a RoT
(Root of Trust) using hardware that cannot be overwritten. The product group
also forms a CoT (Chain of Trust) by starting the subsequent firmware after
performing signature verification using trusted firmware. The signature
verification uses the algorithm indicated in FIPS PUB 186- 4.
Protection and Update of Mutable Code (Section 4.2.1)| Supported| Supported|
RTU and CTU protect the update process for the platform firmware. Update
images meet the standards of FIPS PUB 186-4 and NIST SP 800-57, and are
digitally signed by Canon. This digital signature is verified before the
update process completes.
Protection of Immutable Code (Section 4.2.2)| Supported| Supported| The
product group has a RoT using hardware that cannot be overwritten.
Runtime Protection of Critical Platform Firmware (Section 4.2.3)| Supported|
Supported| The platform firmware executed after being copied to RAM stops
running when the system software starts. With some products, the platform
firmware continues running after the system software starts, but the CPU
protects the platform firmware.
Protection of Critical Data (Section 4.2.4)| Supported| Not required| Some
Canon devices have critical data. Only an API defined by the device firmware
in advance can change this critical data.
Requirement| Product
Group A
| Product
Group B
| Remarks
---|---|---|---
Detection of Corrupted Code (Section 4.3.1)| Supported| Supported| Even if an
attack on the platform firmware succeeds, it will not impact the operation of
the RTD. The CTD uses the RTD to form a CoT. In addition, the recovery process
starts if the digital signature verification process detects corruption.
Detection of Corrupted Critical Data (Section 4.3.2)| Supported| Not required|
Some Canon devices have critical data. The integrity of this critical data is
checked before use.
Recovery of Mutable Code (Section 4.4.1)| Unsupported| Supported| RTRec and
CTRec protect the recovery process for the platform firmware to provide
resistance from attacks. A firmware image protected by a digital signature is
also retained. Some products retain the firmware image in an area that cannot
be accessed by the system software. When the recovery process is performed,
some products record the event to an audit log.
Recovery of Critical Data (Section 4.4.2)| Supported| Not required| Some Canon
devices have critical data. RTD and CTD protect the recovery process for
critical data to provide resistance against attacks.
Summary
Canon devices provide various functions for dealing with cybersecurity
measures. Product support for NIST SP 800-193 is one such example. Canon Inc.
provides you with support for implementing your cybersecurity measures.
Appendix
- NIST CSF https://www.nist.gov/cyberframework
- NIST SP 800-193 (Final) https://csrc.nist.gov/publications/detail/sp/800-193/final
Acronyms
| NIST | National Institute of Standards and Technology |
|---|---|
| NIST SP | National Institute of Standards and Technology Special Publication |
| FIPS | Federal Information Processing Standards |
| RTU | Root of Trust for Update |
| CTU | Chain of Trust for Update |
| RTD | Root of Trust for Detection |
| CTD | Chain of Trust for Detection |
| RTRec | Root of Trust for Recovery |
| CTRec | Chain of Trust for Recovery |
Disclaimer
- While care has been taken in the preparation of this white paper, the publisher and the author assume no responsibility for errors or omissions, or for damages resulting from the use of information contained in this white paper. The information provided herein is based on information available as of the date of publication of this white paper. Canon Inc. hereby expressly disclaims all warranties of any kind, express or implied, statutory or non-statutory, in relation to the information provided in this white paper.
- This paper is for information purposes only and should not be considered as a comprehensive guideline for determining compliance with the security requirements contained in NIST SP 800-193. Hence, neither the author of this white paper nor Canon Inc. shall be responsible for the use of guidelines set forth this white paper in, or for damages resulting from noncompliance.
- In no event shall Canon Inc., Canon’s subsidiaries or affiliates, their licensors, distributors or dealers, and their respective employees, shareholders, owners or agents (“Canon Parties”) be liable for any direct, special, consequential, incidental or indirect damages of any kind (including without limitation loss of profits or data or personal injury), whether or not the Canon Parties have been advised of the possibility of any such damages, and the Canon Parties shall not be liable for any claim against you by a third party arising out of the use or performance of Canon’s products or information referenced herein.
Regulatory Disclaimer
Statements made in this white paper are the opinions of Canon Inc. None of
these statements should be construed to customers or Canon’s dealers as legal
advice, as Canon Inc. does not provide legal counsel or compliance
consultancy, including without limitation, Sarbanes Oxley, HIPAA, GLBA, Check
21 or the USA Patriot Act. Each customer must have its own qualified counsel
determine the advisability of a particular solution as it relates to
regulatory and statutory compliance.
Trademarks
- “MEAP” is a trademark of CANON Inc., referring to an “application platform” for Canon multifunction and single function printers.
- Any 3rd Party products that are referred to in this white paper may be either trademarks and/or registered trademarks of the respective owners. The publisher and the author make no claim to these trademarks.
References
- SP 800-193, Platform Firmware Resiliency Guidelines | CSRC
- Security White Paper: Guidance for Canon Printers and Multifunction Devices Functionality in Support of NIST SP 800-193
- Canon User Manual (Product Manual) Portal Site
- Cybersecurity Framework | NIST