FleetView Security Overview

The application developer is committed to providing products that are secure for use in all network environments. The Data Collector Agent (DCA) collects only the critical imaging device metrics necessary to manage a printing environment, and never collects any personal or user information.

This document discusses network and information security as it relates to the Data Collector Agent application. It will also explain why using the application will not impact compliance with the following laws:

  • Health Insurance Portability & Accountability Act (HIPAA)
  • Sarbanes-Oxley
  • Gramm-Leach-Bliley Act (GLBA)
  • Federal Information Security Management Act (FISMA)

Data Collector Agent Application

The DCA is an application that is installed on a non-dedicated networked server at each location where imaging device metrics are to be collected.

The DCA runs as a Windows® service (or, optionally, a scheduled task), allowing it to operate 24 hours a day, 7 days a week.

The DCA attempts to collect the following information from printing devices during a network scan:

  • IP address (can be masked)
  • Device description
  • Serial number
  • Meter reads
  • Monochrome or color identification
  • LCD reading
  • Device status
  • Error codes
  • Toner levels
  • Toner cartridge serial number
  • Maintenance kit levels
  • Non-toner supply levels
  • Asset number
  • Location
  • MAC address
  • Manufacturer
  • Firmware
  • Miscellaneous (machine specific)

No print job or user data is collected.

Data collection and transmission methods

The DCA collects imaging device metrics at a specified interval using SNMP, ICMP, and HTTP; it then transmits the data to the centralized database via HTTPS (port 443).
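An added example, not part of the FleetView documentation or product: a site can check the traffic profile stated above against its own flow logs. The sketch below assumes the well-known ports for SNMP (UDP 161) and HTTP (TCP 80), a hypothetical scan range, and a placeholder server address; the flow records are constructed sample data.

```python
import ipaddress

# Assumptions (not from the FleetView document): well-known ports for SNMP
# and HTTP, the scan range, and the server address (RFC 5737 test range).
SCAN_RANGES = [ipaddress.ip_network("10.20.0.0/24")]
FLEETVIEW_SERVER = ipaddress.ip_address("203.0.113.10")
SCAN_PROFILE = {("icmp", None), ("udp", 161), ("tcp", 80)}
UPLOAD_PROFILE = {("tcp", 443)}


def classify(dst, proto, dport):
    """Return None if the flow fits the documented profile, else a reason."""
    addr = ipaddress.ip_address(dst)
    key = (proto, None if proto == "icmp" else dport)
    if any(addr in net for net in SCAN_RANGES):
        return None if key in SCAN_PROFILE else "unexpected protocol inside scan range"
    if addr == FLEETVIEW_SERVER:
        return None if key in UPLOAD_PROFILE else "non-HTTPS traffic to server"
    if key in SCAN_PROFILE:
        return "scan protocol leaving the configured scan range"
    return "destination outside documented profile"


def audit(flows, dca_host):
    """Return (flow, reason) for each DCA-originated flow that breaks the profile."""
    findings = []
    for src, dst, proto, dport in flows:
        if src != dca_host:
            continue  # only the DCA host's own traffic is audited
        reason = classify(dst, proto, dport)
        if reason:
            findings.append(((src, dst, proto, dport), reason))
    return findings


# Constructed sample flow records: (src, dst, protocol, destination port)
SAMPLE_FLOWS = [
    ("10.20.0.5", "10.20.0.31", "icmp", 0),
    ("10.20.0.5", "10.20.0.31", "udp", 161),
    ("10.20.0.5", "10.20.0.31", "tcp", 80),
    ("10.20.0.5", "203.0.113.10", "tcp", 443),
    ("10.20.0.5", "10.20.0.31", "tcp", 445),    # not SNMP/ICMP/HTTP
    ("10.20.0.5", "198.51.100.7", "udp", 161),  # SNMP outside scan range
    ("10.20.0.5", "203.0.113.10", "tcp", 80),   # cleartext to server
    ("10.20.0.9", "198.51.100.7", "tcp", 22),   # other host, ignored
]

if __name__ == "__main__":
    for flow, reason in audit(SAMPLE_FLOWS, "10.20.0.5"):
        print(flow, "->", reason)
```

The same allow-list can be enforced as host firewall egress rules on the server running the DCA, so that deviations are blocked as well as reported.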

Optional remote updates

The DCA contains an optional remote update feature, which is activated by enabling the Health Check and Intelligent Update options. Health Check will periodically ensure that the DCA service is operating, and if not, it will restart the DCA service. Intelligent Update allows the DCA to check for and receive software updates and DCA configuration changes posted by the FleetView server. These features are enabled and disabled at the end user site, and are not required.

Network traffic

The network traffic created by the DCA is minimal, and will vary depending on the number of IP addresses being scanned. The table below outlines the network load associated with the DCA compared to the network load associated with loading a single standard webpage.

Network Byte Load Associated with the DCA

Event                                Approximate Total Bytes
Loading a single standard webpage    60,860
DCA scan, blank IP                   5,280
DCA scan, 1 printer                  7,260
DCA scan, 1 printer, 1 subnet        96,300
DCA scan, network of 13 printers     111,530

Health Insurance Portability & Accountability Act (HIPAA) Compliance

The use of the FleetView application will not have an impact on compliance with the Health Insurance Portability & Accountability Act (HIPAA) for covered entities. The FleetView application does not collect, house, or transmit any information regarding the content of print jobs, and thus has no way of accessing, housing, or transmitting electronic protected health information (ePHI) as defined by HIPAA.

For more information about HIPAA, visit http://www.hhs.gov/ocr/hipaa/

Sarbanes-Oxley Act Compliance

The FleetView application is not intended to be used as part of an internal control structure as outlined in Section 404: Management Assessment of Internal Controls, but will not interfere with these controls.

Information Technology controls are an important part of complying with Sarbanes-Oxley. Under this Act, corporate executives become responsible for establishing, evaluating, and monitoring the effectiveness of internal control over financial reporting. There are IT systems in the market that are designed specifically for meeting these objectives. The FleetView application is not designed as an IT control system, but will not interfere or put at risk other systems that are intended for that purpose.

For more information about Sarbanes-Oxley, visit http://thecaq.aicpa.org/Resources/Sarbanes+Oxley/

Gramm-Leach-Bliley Act (GLBA) Compliance

The FleetView application will not have an impact on compliance with the Gramm-Leach-Bliley Act (GLBA) for covered entities. The FleetView application does not collect, house, or transmit any information regarding the content of print jobs, and thus has no way of accessing, housing, or transmitting customers’ personal financial information, even if this information is printed or otherwise sent to print devices monitored by the FleetView application.

For more information about the Gramm-Leach-Bliley Act, visit http://www.ftc.gov/privacy/privacyinitiatives/glbact.html

Federal Information Security Management Act (FISMA) Compliance

The FleetView application is not intended to be part of an internal control system for FISMA, but will not interfere with these controls.

The FleetView application will not have an impact on compliance with the Federal Information Security Management Act (FISMA) for covered entities. The FleetView application does not collect, house, or transmit any information regarding the content of print jobs, and thus has no way of accessing, housing, or transmitting high risk information, even if this information is printed or otherwise sent to print devices monitored by the FleetView application.

For more information about the Federal Information Security Management Act, visit http://csrc.nist.gov/groups/SMA/fisma/index.html
