canon SP 800-193 Printers and Multifunction Devices User Guide

June 14, 2024
Canon

canon SP 800-193 Printers and Multifunction Devices

canon SP 800-193 Printers and Multifunction Devices

Preface

It is essential for organizations concerned about cybersecurity risks to take the following actions:

  • Manage and protect important information that is handled by systems.
  • Implement measures to counter cybersecurity risks (such as unauthorized access and the leak of confidential data).

As cybersecurity risks have grown more sophisticated and complicated in recent years, more advanced standard frameworks and security guidelines have been published. Those frameworks and guidelines are intended to support organizations in effectively implementing measures to counter ever-evolving cybersecurity risks.

One such standard framework is the Cybersecurity Framework (hereinafter “CSF”) issued by the National Institute of Standards and Technology (hereinafter “NIST”) in 2014. The official name of the framework is “Framework for Improving Critical Infrastructure Cybersecurity.” The NIST CSF has been created for the purpose of improving cybersecurity risk management in critical infrastructure, and is referenced by organizations in the United States and various other countries. By using such frameworks as tools for managing cybersecurity risks, organizations can determine the cybersecurity measures that are the most essential for protecting critical services. Thus, organizations can prioritize areas for investment and maximize their returns on those investments.

NIST has developed more specific guidelines defining the measures and management requirements for cybersecurity according to the NIST CSF. In 2018, NIST issued NIST SP 800-193 as “Platform Firmware Resiliency Guidelines.” There are no statements indicating a direct relationship between NIST CSF and NIST SP 800-193. However, the concepts of detection and recovery described in NIST CSF correspond to the detection and recovery functions that devices should have, as indicated in NIST SP 800-193.

The purpose of this white paper is to assist organizations who adopt and manage Canon devices in considering cybersecurity measures. First, this white paper briefly outlines the NIST CSF as a context for the cybersecurity functions provided by Canon devices. This white paper also indicates the functions provided by Canon devices to help meet the requirements defined in NIST SP 800-193 cybersecurity guidelines.

Cybersecurity Measures of Canon Devices

Printers/multifunction devices connect to the network of systems at organizations and handle important information such as document data. Therefore, printers/multifunction devices require many of the same security measures as other information devices. Canon devices provide functions designed to meet the five elements required for cybersecurity, which are “Identify,” “Protect,” “Detect,” “Respond,” and “Recover.” These five elements are defined as framework core functions in the NIST CSF. By comprehensively implementing measures for these five functions, you can not only help protect your organization from cybersecurity risks, but you may also be able to swiftly discover and take measures needed to recover from cybersecurity risks. As cyberattacks have become more sophisticated, the importance of the “Detect,” “Respond,” and “Recover” functions has increased, and Canon devices have enhanced the measures that provide for those functions.

The next section describes the security functions of Canon devices that are effective for cybersecurity measures. Of the five framework core functions of NIST CSF, the next section focuses on the “Detect,” “Respond,” and “Recover” functions, which are closely related to NIST SP 800-193.

The Five Framework Core Functions

Identify| Develop an organizational understanding to manage cybersecurity risk to systems, people, assets, data, and capabilities.
---|---
Protect| Develop and implement appropriate safeguards to ensure delivery of critical services.
Detect| Develop and implement appropriate activities to identify the occurrence of a cybersecurity event.
Respond| Develop and implement appropriate activities to take action regarding a detected cybersecurity incident.
Recover| Develop and implement appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident.

Detect/Respond/Recover

Cyber Resilience
Cyber resilience is the act of preparing to detect attacks and swiftly restore systems to their original state, in order to minimize the damage of a cyberattack. Cyber resilience requires measures from three perspectives:

  • Detecting cyberattacks
  • Responding to detected cyberattacks
  • Restoring systems from the damage of cyberattacks
    Canon devices provide functions for addressing these cyber resilience measures.

Verify System at Startup
For verifying system integrity, Canon devices provide the hardware-based Verify System at Startup function. It checks system integrity by verifying that the programs of all system software including firmware and applications have not been tampered with when the device starts. If modifications are detected, this function stops the startup process to prevent unauthorized programs from causing damage. This function is designed to stop attacks that are as yet unknown, and provides more robust security features. Some products have a function that automatically performs the recovery process when tampering is detected.

Preventing Firmware/Application Tampering
Canon devices verify digital signatures when the firmware is updated or when an application is installed. This function is designed to prevent unauthorized programs from being installed on the devices.

Functionality in Support of Cybersecurity Guidelines

This section describes how the cybersecurity measures of Canon devices respond to the security requirements defined in cybersecurity guidelines. This white paper covers the NIST SP 800-193 cybersecurity guidelines.

Cybersecurity Guidelines

NIST SP 800-193
In these guidelines, the platform is considered as a combination of hardware components and the firmware that operates those hardware components. The firmware is the low-level software that initializes hardware components, and loads and executes system software. In order to maintain a computing system in a valid state without being subjected to cyberattacks such as malware injections, it is important to keep this firmware in a valid state.
Section 4 of the NIST SP 800-193 guidelines defines technical requirements for maintaining the firmware in a valid state. These requirements are further categorized into four sections, and cyber resiliency properties are categorized into three levels, based on the degree that the platform meets the requirements. A list of the properties and requirements to meet such properties are indicated below. The scope of requirements to meet differs for each property.

List of Cyber Resiliency Properties

Property Description
Protected Meets the protection guidelines found in Sections 4.1 and 4.2, but

may not fully offer capabilities to recover the device’s firmware and/or critical data.
Recoverable| Provides the means to detect corruption as described in Sections 4.1 and 4.3, and provides the means to recover from this corruption in compliance with the guidelines in Sections 4.1 and 4.4.
Resilient| Meets all of the guidelines in Section 4. Designed such that a compromised device will not impact the security of the platform as a whole. Provides mechanisms to detect and recover from malicious or accidental problems that occur.

Canon Devices Functionality in Support of Cybersecurity Guidelines
The Canon devices support for the requirements of NIST SP 800-193 is indicated below. The indicated support capability for the Product Groups applies only when the Verify System at Startup function described in Section 2 of this white paper is enabled. The indicated support does not apply when a Canon device is used with the default settings. See the manuals of each product for information on the method for changing the settings. Product group A supports the requirements for “Protected”, and product group B supports the requirements for “Resilient”.

List of Requirement Compatibility

Requirement| Product

Group A

| Product

Group B

| Remarks
---|---|---|---
Root of Trust (Section 4.1)| Supported| Supported| The product group has a RoT (Root of Trust) using hardware that cannot be overwritten. The product group also forms a CoT (Chain of Trust) by starting the subsequent firmware after performing signature verification using trusted firmware. The signature verification uses the algorithm indicated in FIPS PUB 186- 4.
Protection and Update of Mutable Code (Section 4.2.1)| Supported| Supported| RTU and CTU protect the update process for the platform firmware. Update images meet the standards of FIPS PUB 186-4 and NIST SP 800-57, and are digitally signed by Canon. This digital signature is verified before the update process completes.
Protection of Immutable Code (Section 4.2.2)| Supported| Supported| The product group has a RoT using hardware that cannot be overwritten.
Runtime Protection of Critical Platform Firmware (Section 4.2.3)| Supported| Supported| The platform firmware executed after being copied to RAM stops running when the system software starts. With some products, the platform firmware continues running after the system software starts, but the CPU protects the platform firmware.
Protection of Critical Data (Section 4.2.4)| Supported| Not required| Some Canon devices have critical data. Only an API defined by the device firmware in advance can change this critical data.
Requirement| Product

Group A

| Product

Group B

| Remarks
---|---|---|---
Detection of Corrupted Code (Section 4.3.1)| Supported| Supported| Even if an attack on the platform firmware succeeds, it will not impact the operation of the RTD. The CTD uses the RTD to form a CoT. In addition, the recovery process starts if the digital signature verification process detects corruption.
Detection of Corrupted Critical Data (Section 4.3.2)| Supported| Not required| Some Canon devices have critical data. The integrity of this critical data is checked before use.
Recovery of Mutable Code (Section 4.4.1)| Unsupported| Supported| RTRec and CTRec protect the recovery process for the platform firmware to provide resistance from attacks. A firmware image protected by a digital signature is also retained. Some products retain the firmware image in an area that cannot be accessed by the system software. When the recovery process is performed, some products record the event to an audit log.
Recovery of Critical Data (Section 4.4.2)| Supported| Not required| Some Canon devices have critical data. RTD and CTD protect the recovery process for critical data to provide resistance against attacks.

Summary
Canon devices provide various functions for dealing with cybersecurity measures. Product support for NIST SP 800-193 is one such example. Canon Inc. provides you with support for implementing your cybersecurity measures.

Appendix

Acronyms

NIST National Institute of Standards and Technology
NIST SP National Institute of Standards and Technology Special Publication
FIPS Federal Information Processing Standards
RTU Root of Trust for Update
CTU Chain of Trust for Update
RTD Root of Trust for Detection
CTD Chain of Trust for Detection
RTRec Root of Trust for Recovery
CTRec Chain of Trust for Recovery

Disclaimer

  • While care has been taken in the preparation of this white paper, the publisher and the author assume no responsibility for errors or omissions, or for damages resulting from the use of information contained in this white paper. The information provided herein is based on information available as of the date of publication of this white paper. Canon Inc. hereby expressly disclaims all warranties of any kind, express or implied, statutory or non-statutory, in relation to the information provided in this white paper.
  • This paper is for information purposes only and should not be considered as a comprehensive guideline for determining compliance with the security requirements contained in NIST SP 800-193. Hence, neither the author of this white paper nor Canon Inc. shall be responsible for the use of guidelines set forth this white paper in, or for damages resulting from noncompliance.
  • In no event shall Canon Inc., Canon’s subsidiaries or affiliates, their licensors, distributors or dealers, and their respective employees, shareholders, owners or agents (“Canon Parties”) be liable for any direct, special, consequential, incidental or indirect damages of any kind (including without limitation loss of profits or data or personal injury), whether or not the Canon Parties have been advised of the possibility of any such damages, and the Canon Parties shall not be liable for any claim against you by a third party arising out of the use or performance of Canon’s products or information referenced herein.

Regulatory Disclaimer
Statements made in this white paper are the opinions of Canon Inc. None of these statements should be construed to customers or Canon’s dealers as legal advice, as Canon Inc. does not provide legal counsel or compliance consultancy, including without limitation, Sarbanes Oxley, HIPAA, GLBA, Check 21 or the USA Patriot Act. Each customer must have its own qualified counsel determine the advisability of a particular solution as it relates to regulatory and statutory compliance.

Trademarks

  • “MEAP” is a trademark of CANON Inc., referring to an “application platform” for Canon multifunction and single function printers.
  • Any 3rd Party products that are referred to in this white paper may be either trademarks and/or registered trademarks of the respective owners. The publisher and the author make no claim to these trademarks.

References

Read User Manual Online (PDF format)

Read User Manual Online (PDF format)  >>

Download This Manual (PDF format)

Download this manual  >>

Related Manuals