BS ISO/IEC 7184:2024
Office equipment. Security requirements for hard copy devices (HCDs) - Definition of the basic requirements

Standard No.: BS ISO/IEC 7184:2024
Release Date: 2024
Published By: British Standards Institution (BSI), GB / BSI
Latest: BS ISO/IEC 7184:2024

Introduction

Standard Background and Scope of Application

BS ISO/IEC 7184:2024 is the latest security standard for hard copy devices (HCDs) released by the International Organization for Standardization. It sets out basic security requirements for printers, scanners, fax machines and other devices used in small offices and home offices. The standard complements Common Criteria (CC) certification and focuses on assessing the security functions of models that are not CC certified.


Core security function requirements

Identity authentication
  Specific requirements:
  • Remote access to security settings requires administrator privileges
  • Forced modification of default password mechanism
  Implementation points:
  • Support password/ID+password two-factor authentication
  • Forced password modification for the first use

Data protection
  Specific requirements:
  • Data erasure of replaceable non-volatile storage devices (HDD/SSD)
  Implementation points:
  • Use data encryption or physical erasure technology
  • SSD needs to enable wear leveling function

Network security
  Specific requirements:
  • Internet communication encryption
  • Close unused TCP/UDP ports
  Implementation points:
  • Application of encryption protocols such as TLS
  • Manufacturers must explicitly indicate the encryption method version

Analysis of key technical requirements

4.1.2 Identity authentication mechanism

The standard requires devices to implement an authentication failure handling mechanism (such as limiting the number of attempts or delaying responses) to prevent brute-force attacks, while also guarding against denial-of-service (DoS) attacks that such a mechanism can itself cause. Typical implementations include:

  • Lock the account for 15 minutes after three consecutive failures within 5 minutes
  • Exponentially extend the retry interval
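
The two failure-handling schemes listed above, as an added example (not code from the standard or from any vendor). The 3 failures / 5 minutes / 15 minutes figures are the ones given above; the class name, the backoff cap and the choice of key are assumptions. The lock expires on its own and the delay is capped, so repeated bad logins cannot shut the administrator out permanently.

```python
import time

WINDOW = 5 * 60         # failures are counted over a 5-minute window
MAX_FAILURES = 3        # third consecutive failure triggers the lock
LOCK_SECONDS = 15 * 60  # lock expires automatically after 15 minutes
BACKOFF_CAP = 60        # assumption: upper bound on the exponential delay


class LoginThrottle:
    """Hypothetical failure handler; mode is 'lockout' or 'backoff'."""

    def __init__(self, mode="lockout", clock=time.monotonic):
        self.mode = mode
        self.clock = clock
        self.failures = {}       # key -> timestamps of recent failures
        self.blocked_until = {}  # key -> time at which attempts resume

    def retry_after(self, key):
        """Seconds to wait before the next attempt is accepted (0 = now)."""
        return max(0, self.blocked_until.get(key, 0) - self.clock())

    def record(self, key, success):
        """Register an attempt result; return the resulting wait in seconds."""
        now = self.clock()
        if success:
            # A good login ends the run of consecutive failures.
            self.failures.pop(key, None)
            self.blocked_until.pop(key, None)
            return 0
        # Keep only failures that are still inside the sliding window.
        recent = [t for t in self.failures.get(key, []) if now - t < WINDOW]
        recent.append(now)
        self.failures[key] = recent
        if self.mode == "lockout":
            if len(recent) >= MAX_FAILURES:
                self.blocked_until[key] = now + LOCK_SECONDS
                self.failures[key] = []  # start counting afresh after the lock
        else:
            # 1, 2, 4, 8 ... seconds, never more than BACKOFF_CAP.
            delay = min(2 ** (len(recent) - 1), BACKOFF_CAP)
            self.blocked_until[key] = now + delay
        return self.retry_after(key)
```

The caller checks `retry_after(key)` before verifying a password and rejects the attempt without evaluating it while the value is non-zero. The key is whatever the device throttles on, for example the account name.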

4.1.5 Storage Device Data Protection

For field-replaceable storage media, the standard distinguishes between media types and handles them differently:

HDD protection plan: Physically erase data through the image overwrite function, overwriting with random data at least 3 times

SSD protection plan: Use the logical deletion function combined with the wear leveling feature to ensure that data is unrecoverable


Implementation Recommendations

Enterprise Deployment Strategy

  1. Establish a device firmware version management system, and check for and apply updates regularly
  2. Network isolation: deploy HCDs in a LAN segment protected by a firewall
  3. Decommissioned equipment processing: perform security setting initialization + physical storage media destruction

Manufacturer compliance points

  • Vulnerability response: establish a standardized vulnerability disclosure channel (CVE number application)
  • Debug interface: mass production equipment must disable the engineering debug port
  • Document support: clearly mark the purpose of each network service port

Standard evolution analysis

Compared with the previous version of the standard, the 2024 version mainly strengthens the following:

  • Added PSTN fax and network isolation requirements (Article 4.1.7)
  • Clarified SSD special processing logic (3.10 Wear leveling term definition)
  • Expanded vulnerability assessment scope (Chapter 4.3 added port management requirements)

This standard is consistent with ISO/IEC 15408 (CC certification) and forms a complementary system with it, suitable for scenarios with medium and low security requirements. Enterprise-level environments still need to combine it with CC certification requirements.

BS ISO/IEC 7184:2024 history

  • 2024 BS ISO/IEC 7184:2024 Office equipment. Security requirements for hard copy devices (HCDs) - Definition of the basic requirements

Update: Tue, 17 Mar 2026 00:20:33 +0000