Recommendations for Multifunctional Devices
The procurement of multifunctional devices must comply with the guidelines for multifunctional devices.
As part of their duties, procurers are obliged to maintain confidentiality and comply with data protection requirements. The following information relates to the data protection and security requirements for procuring multifunctional devices. If you have any questions, the information security team, the data protection officer, and the data protection coordinators at Paderborn University are available for assistance.
- The multifunctional device can store job data on its internal data carrier in an encrypted form, such as AES-256.
- The device can be configured to automatically delete data from the local memory after use (printing, copying, etc.). Alternatively, an administrator can delete the data.
- Multifunctional devices with USB ports, Bluetooth, Wi-Fi, and NFC interfaces can have these features switched off or blocked by entering an administrator-selected password.
- If the multifunction device is to store files with data from a Windows file share (SMB/CIFS), it supports SMB protocol version 3.0 or higher.
- The device/administration password can be chosen freely.
- A firmware update should be possible.
- The multifunction device supports PIN, smartcard, or similar secure printing.
- If the multifunction device can print files received by email and/or send scanned documents by email, it ideally supports TLS 1.3 or at least TLS 1.2. Emails can only be sent after successful authentication (entry of a user ID and password).
- The multifunction device supports the use of the HTTPS protocol for management and print data.
- Any maintenance, repair, or disposal work carried out on the multifunctional devices by an external service provider must be done in conjunction with a Paderborn University order processing contract, which must be established before the work begins. Sample contracts with instructions are available on Paderborn University's data protection website. Some of the information in the sample contract, particularly the annexes, must be completed by the service provider and checked by the Paderborn University data protection officer. Then, it must be signed by the Vice President for Business and Personnel Administration at Paderborn University.
- The multifunction device supports deleting data from internal storage media and/or removing data carriers in accordance with data protection regulations.
Action Orientations: Multifunctional Devices
The following table lists the devices tested and approved by the information security team.
This table is updated on an ongoing basis.
| Manufacturer | Model | Technology | Remark |
|---|---|---|---|
| Brother | HL-L5100DN |
| |
| Brother | HL-L6250DN |
| |
| Brother | HL-L8260CDW |
| |
| Brother | HL-L9310CDW |
| |
| Brother | DCP-L3550CDW |
| |
| Brother | MFC-J6540DW |
| |
| Brother | MFC-L2750DW |
| |
| Brother | MFC-L5700DN |
| |
| Brother | MFC-L6800DW |
| |
| Brother | MFC-L8690CDW |
| |
| Brother | MFC-L9570CDW |
| |
| HP | LaserJet Enterprise M577 |
| |
| HP | LaserJet Enterprise MFP M578dn |
|
If you are using devices that are not on the list but meet the data protection and security requirements, please contact informationssicherheit[at]uni-paderborn[dot]de.