Konica Minolta bizhub C258 bizhub C368/C308/C258 Security Operations User Manu - Page 13

Precautions for Operation Control, Roles of the Owner of the Machine

Get Konica Minolta bizhub C258 PDF manuals and user guides View all Konica Minolta bizhub C258 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 13 highlights

1.3 Precautions for Operation Control 1 1.3 Precautions for Operation Control This machine and the data handled by this machine should be used in an office environment that meets the following conditions. The machine must be controlled for its operation under the following conditions to protect the data that should be protected. Roles of the Owner of the Machine The owner (an individual or an organization) of the machine should take full responsibility for controlling the machine, thereby ensuring that no improper operations are performed. - The owner of the machine should have the administrator of the machine recognize the organizational security policy and procedure, educate him or her to comply with the guidance and documents prepared by the manufacturer, and allow time for him or her to acquire required ability. The owner of the machine should also operate and manage the machine so that the administrator of the machine can configure and operate the machine appropriately according to the policy and procedure. - The owner of the machine should have users of the machine recognize the organizational security policy and procedure, educate them to follow the policy and procedure, and operate and manage the machine so that the users acquire the required ability. - The owner of the machine should vest the user with authority to use the machine according to the organizational security policy and procedure. - The owner of the machine should operate and manage the machine so that the administrator of the machine checks the Job Log (Audit Log) data at appropriate timing to thereby determine whether a security compromise or a faulty condition has occurred during an operating period. - If the Job Log (Audit Log) data is to be exported to another product, the owner of the machine should ensure that only the administrator of the machine performs the task. The owner of the machine should also operate and manage the machine so that the Job Log (Audit Log) data is not illegally accessed, deleted, or altered. Roles and Requirements of the Administrator of the machine The administrator of the machine should take full responsibility for controlling the machine, thereby ensuring that no improper operations are performed. - A person who is capable of taking full responsibility for controlling the machine should be appointed as the administrator of the machine to make sure that no improper operations are performed. - When using an SMTP server (mail server) or an DNS server, each server should be appropriately man- aged by the administrator and should be periodically checked to confirm that settings have not been changed without permission. Password Usage Requirements The administrator must control the Administrator Password, Encryption Key, FW Update (USB) Password, and User Box Password appropriately so that they may not be leaked. These passwords should not be ones that can be easily guessed. The user, on the other hand, should control the Secure Print Password and User Password appropriately so that they may not be leaked. Again, these passwords should not be ones that can be easily guessed. - Make absolutely sure that only the administrator knows the Administrator Password, Encryption Key, FW Update (USB) Password, and User Box Password. - The administrator must change the Administrator Password, Encryption Key, FW Update (USB) Password, and User Box Password at regular intervals. - The administrator should make sure that any number that can easily be guessed from birthdays, employee identification numbers, and the like is not set for the Administrator Password, Account Password, Encryption Key, FW Update (USB) Password, and User Box Password. - If a User Password has been changed, the administrator should have the corresponding user change the password as soon as possible. - If the Administrator Password has been changed by the Service Engineer, the administrator should change the Administrator Password as soon as possible. - The administrator should have users ensure that the passwords set for the User Authentication, Secure Print, and the box that can be used by the user are known only by the user concerned. - The administrator should have users change the passwords set for the User Authentication at regular intervals. bizhub C368/C308/C258 1-9

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
bizhub C368/C308/C258
1-9
1.3
Precautions for Operation Control
1
1.3
Precautions for Operation Control
This machine and the data handled by this machine should be used in an office environment that meets the
following conditions. The machine must be controlled for its operation under the following conditions to pro-
tect the data that should be protected.
Roles of the Owner of the Machine
The owner (an individual or an organization) of the machine should take full responsibility for controlling the
machine, thereby ensuring that no improper operations are performed.
-
The owner of the machine should have the administrator of the machine recognize the organizational
security policy and procedure, educate him or her to comply with the guidance and documents pre-
pared by the manufacturer, and allow time for him or her to acquire required ability. The owner of the
machine should also operate and manage the machine so that the administrator of the machine can
configure and operate the machine appropriately according to the policy and procedure.
-
The owner of the machine should have users of the machine recognize the organizational security policy
and procedure, educate them to follow the policy and procedure, and operate and manage the machine
so that the users acquire the required ability.
-
The owner of the machine should vest the user with authority to use the machine according to the or-
ganizational security policy and procedure.
-
The owner of the machine should operate and manage the machine so that the administrator of the ma-
chine checks the Job Log (Audit Log) data at appropriate timing to thereby determine whether a security
compromise or a faulty condition has occurred during an operating period.
-
If the Job Log (Audit Log) data is to be exported to another product, the owner of the machine should
ensure that only the administrator of the machine performs the task. The owner of the machine should
also operate and manage the machine so that the Job Log (Audit Log) data is not illegally accessed,
deleted, or altered.
Roles and Requirements of the Administrator of the machine
The administrator of the machine should take full responsibility for controlling the machine, thereby ensuring
that no improper operations are performed.
-
A person who is capable of taking full responsibility for controlling the machine should be appointed as
the administrator of the machine to make sure that no improper operations are performed.
-
When using an SMTP server (mail server) or an DNS server, each server should be appropriately man-
aged by the administrator and should be periodically checked to confirm that settings have not been
changed without permission.
Password Usage Requirements
The administrator must control the Administrator Password, Encryption Key, FW Update (USB) Password,
and User Box Password appropriately so that they may not be leaked. These passwords should not be ones
that can be easily guessed. The user, on the other hand, should control the Secure Print Password and User
Password appropriately so that they may not be leaked. Again, these passwords should not be ones that can
be easily guessed.
<To Achieve Effective Security>
-
Make absolutely sure that only the administrator knows the Administrator Password, Encryption Key,
FW Update (USB) Password, and User Box Password.
-
The administrator must change the Administrator Password, Encryption Key, FW Update (USB) Pass-
word, and User Box Password at regular intervals.
-
The administrator should make sure that any number that can easily be guessed from birthdays, em-
ployee identification numbers, and the like is not set for the Administrator Password, Account Pass-
word, Encryption Key, FW Update (USB) Password, and User Box Password.
-
If a User Password has been changed, the administrator should have the corresponding user change
the password as soon as possible.
-
If the Administrator Password has been changed by the Service Engineer, the administrator should
change the Administrator Password as soon as possible.
-
The administrator should have users ensure that the passwords set for the User Authentication, Secure
Print, and the box that can be used by the user are known only by the user concerned.
-
The administrator should have users change the passwords set for the User Authentication at regular
intervals.