Lexmark C4342 Security White Paper - Page 60

ISO 27001 – Information Security Management System Certification, ISO 20243 – Supply Chain


The FIPS 140 Publication Series is issued by the National Institute of Standards and Technology (NIST) to outline
the requirements and standards for cryptographic modules which include both hardware and software
components that are used by departments and agencies of the United States federal government. The FIPS
140 standard is an outline of requirements that can be used to provide the necessary conditions to secure
information, but should not be, nor is designed to be, a guarantee of information security. The requirements
covered within the FIPS 140 publication are documented cryptographic modules and, in some cases, source
code around the module.
Benefits
• Third-party validation assures customers that the algorithm and/or module meets the requirements as outlined by FIPS.
• Buffered data stored on a device hard drive is secured through a FIPS standard protection mechanism.
Details
Lexmark has also completed a FIPS 140-2 Cryptographic Algorithm Validation Program (CAVP) on the Lexmark
devices. This validation provides further assurance of the security of user data while in transit and at rest on
Common Criteria–validated devices. CAVP allows for independent validation of the correct implementation of
cryptographic algorithms that are used within Lexmark devices.
On current and future devices, Lexmark will not only validate the algorithm used to secure information on the
device, but also validate the cryptographic module through NIST’s Cryptographic Module Validation Program
(CMVP). CMVP validates the use of cryptographic modules as outlined in FIPS 140-2 for the encryption of all
data that has a classification of Sensitive But Unclassified (SBU) or above.
ISO 27001 – Information Security Management System Certification
Overview
Lexmark has obtained the ISO 27001 certification for its worldwide Managed Print Services, Predictive Services
and Cloud Configurations Services. ISO 27001 is an information security management system (ISMS)
international standard that provides a comprehensive set of requirements for maintaining confidentiality,
integrity and availability of data.
ISO 20243 – Supply Chain Certification
Overview
In addition to potential attack vectors, your supply chain is a possible area of opportunity for a security breach.
Across Lexmark’s supply chain, employees and supply partners operate in full compliance with local laws and
regulations. We strictly adhere to specifications, ensuring that the products and parts designed for the device are
the same as those that are delivered. This eliminates the possible introduction of rogue chips or other nefarious elements
that are not specified in the original design. In fact, Lexmark is the first print vendor with an ISO 20243 supply
chain security certification for the entire printing device, including supplies.
Security Standards