HP Jetdirect Print Servers - End-user Statement Regarding NERC CIP 007

Error:

Javascript is disabled in this browser. This page requires Javascript. Modify your browser's settings to allow Javascript to execute. See your browser's documentation for specific instructions.

hp-support-head-portlet

Actions

Welcome to HP Customer Support

hp-contact-secondary-navigation-portlet

Actions

hp-hero-support-search

Actions

Examples: "Deskjet Ink Advantage K109 paper jam", "ProBook 4540s bios update"

hp-share-print-widget-portlet

Actions

Information

Information regarding recent vulnerabilities
HP is aware of the recent vulnerabilities commonly referred to as "Spectre" and "Meltdown". HP has published a security bulletin with patches for these issues and a list of impacted systems. We will continue to update the bulletin as more information becomes available and encourage customers to check the bulletin frequently.

hp-concentra-wrapper-portlet

Actions

HP Jetdirect Print Servers - End-user Statement Regarding NERC CIP 007

Information

The North American Electric Reliability Corporation (NERC) sets standards ensuring the safe operation of bulk power systems. Check the web link given below:

Click here to visit the NERC web site at http://www.nerc.com/page.php?cid=1.

note:

The above-mentioned URL will take you to a non-HP Web site. HP does not control and is not responsible for information outside of the HP Web site.

The Critical

Infrastructure Protection (CIP) standards, subsections 002 through 009, identify, and set standards for the protection of Critical Cyber Assets. Though HP LaserJet printers and MFPs are able to meet most of the standards set in the CIP 002 – 009, a number of requirements cannot feasibly be met by the technology contained within these printers. This document sets out these Technical Feasibility Exceptions (TFE).

Details

CIP-007-4 R4 Malicious Software Prevention

The CIP-007-4 R4 states:

R4: Malicious Software Prevention: The Responsible Entity shall use anti-virus software and other malicious software (malware) prevention tools, where technically feasible, to detect, prevent, deter, and mitigate the introduction, exposure, and propagation of malware on all Cyber Assets within the Electronic Security Perimeter(s).
R4.1: The Responsible Entity shall document and implement anti-virus and malware prevention tools. In the case where anti-virus software and malware prevention tools are not installed, the Responsible Entity shall document compensating measure(s) applied to mitigate risk exposure.
R4.2: The Responsible Entity shall document and implement a process for the update of anti-virus and malware prevention signatures. The process must address testing and installing the signature.

TFE: HP LaserJet printers and MFPs do not have the capabilities to install anti-virus software or other malicious software (malware) prevention tools. Such software is neither provided by HP nor available from third parties.

CIP-007-4 R5 Account Management

The CIP-007-4 R5 subsection 3 states:

R5.3: At a minimum, the Responsible Entity shall require and use passwords, subject to the following, as technically feasible:
- R5.3.1: Each password shall be a minimum of six characters.
- R5.3.2: Each password shall consist of a combination of alpha, numeric, and special characters.
- R5.3.3: Each password shall be changed at least annually, or more frequently based on risk.

TFE: HP LaserJet printers and MFPs are not capable of implementing the password controls for Administrator accounts referenced in these paragraphs.

hp-feedback-input-portlet

Actions

hp-online-communities-portlet

Actions

Ask the community!

Support Forum

Join the conversation! Find Solutions, ask questions, and share advice with other HP product owners. Visit now

hp-feedback-banner-portlet

Actions

hp-country-locator-portlet

Actions

Country/Region: Africa

hp-detect-load-my-device-portlet

Actions