solution Contentsolution Content

HP Jetdirect Print Servers - End-user Statement Regarding NERC CIP 007

Information

The North American Electric Reliability Corporation (NERC) sets standards ensuring the safe operation of bulk power systems. Check the web link given below:
Click here to visit the NERC web site at http://www.nerc.com/page.php?cid=1.
note:
The above-mentioned URL will take you to a non-HP Web site. HP does not control and is not responsible for information outside of the HP Web site.
The Critical
Infrastructure Protection (CIP) standards, subsections 002 through 009, identify, and set standards for the protection of Critical Cyber Assets. Though HP LaserJet printers and MFPs are able to meet most of the standards set in the CIP 002 – 009, a number of requirements cannot feasibly be met by the technology contained within these printers. This document sets out these Technical Feasibility Exceptions (TFE).

Details

CIP-007-4 R4 Malicious Software Prevention
The CIP-007-4 R4 states:
  • R4: Malicious Software Prevention: The Responsible Entity shall use anti-virus software and other malicious software (malware) prevention tools, where technically feasible, to detect, prevent, deter, and mitigate the introduction, exposure, and propagation of malware on all Cyber Assets within the Electronic Security Perimeter(s).
  • R4.1: The Responsible Entity shall document and implement anti-virus and malware prevention tools. In the case where anti-virus software and malware prevention tools are not installed, the Responsible Entity shall document compensating measure(s) applied to mitigate risk exposure.
  • R4.2: The Responsible Entity shall document and implement a process for the update of anti-virus and malware prevention signatures. The process must address testing and installing the signature.
TFE: HP LaserJet printers and MFPs do not have the capabilities to install anti-virus software or other malicious software (malware) prevention tools. Such software is neither provided by HP nor available from third parties.
CIP-007-4 R5 Account Management
The CIP-007-4 R5 subsection 3 states:
  • R5.3: At a minimum, the Responsible Entity shall require and use passwords, subject to the following, as technically feasible:
    • R5.3.1: Each password shall be a minimum of six characters.
    • R5.3.2: Each password shall consist of a combination of alpha, numeric, and special characters.
    • R5.3.3: Each password shall be changed at least annually, or more frequently based on risk.
TFE: HP LaserJet printers and MFPs are not capable of implementing the password controls for Administrator accounts referenced in these paragraphs.

Additional support options

Try one of our automated tools or diagnostics
Ask a question on our HP Support Community page
Get in touch with one of our support agents

Enter a topic to search our knowledge library

What can we help you with?