Keypoint Intelligence-Buyers Lab, the industry’s leading authority in document imaging and "Smart Office" device testing and research, has created a neutral third-party security testing benchmark program that standardizes the requirements for output device and office IoT (Internet of Things) security. This three-track test suite addresses security from various vectors to determine if devices are safeguarded against vulnerabilities.


The three testing tracks include:

Device Penetration:  A combination of automated tools and manual exploitation attempts is used by certified security experts to probe for potential vulnerabilities in the device firmware/OS, ports, print protocols, embedded web page, connectivity avenues, and more.

Policy Compliance:  Buyers Lab technicians employ the OEMs’ management tools to specify desired security settings and save those settings as a “policy” template, apply the policy across a fleet to ensure devices are in compliance, monitor those settings on an ongoing basis, automatically remediate devices that fall out of compliance, and more.

Firmware Resilience:  Certified security technicians use the OEMs’ tools and protocols to validate that devices are in compliance with the NIST (National Institute of Standards and Technology) SP 800-193 guidelines for platform resiliency of IoT devices. The testing looks to see whether mechanisms are in place to protect the platform against unauthorized changes, and that the device can detect an attack and recover to a secure state automatically.

We understand that most equipment makers do their own rigorous security testing on their devices. This Keypoint Intelligence program complements that by providing independent validation of an OEM’s claims based on uniform testing. During the two years of development of the program, Keypoint Intelligence personnel solicited input and guidance from all of the key OEMs that serve the document imaging space. The result is a three-track test suite that addresses security from various vectors to ensure devices are safeguarded against vulnerabilities—and that they remain so.

For the testing, devices and associated software are configured to the OEM’s recommendations for a “business secure” posture, where important functionality remains intact while less secure ports, protocols, and features not germane to essential functionality are disabled.  Notably, the Keypoint Intelligence-Buyers Lab program differs from Common Criteria Certification (CCC) for output devices in that there is not only verification that a device has the prescribed set of features and that they are correctly implemented, but also hands-on testing to determine if vulnerabilities remain.

OEMs that submit products for testing and pass one, two, or all three tracks of the program earn the right to license the Security Validation Testing seal to communicate to customers that the platform has passed the rigorous evaluation. This website will be updated on a regular basis to show the products that have undergone the testing and where vendors have licensed the seal. It will also deliver important details, such as the exact date of testing, the version/firmware version tested, and the configuration settings that were changed for testing—at the direction and discretion of the vendor—from the “out of box” factory defaults to achieve a security posture recommended for enterprise business environments.


Assessment Limitations and Restrictions

Note that with the program described above and the Security Validation Testing seals, Keypoint Intelligence and its partners, contractors, and affiliates are not certifying nor verifying that the products evaluated have no security vulnerabilities, nor that they will be invulnerable to attacks and exploitation by determined actors. These product assessments were performed in line with established security testing methodologies, and represent a point-in-time assessment of the in-scope systems. Any configuration changes made to these systems outside of what was tested may result in weaknesses being introduced into the environment that are not reflected in the results obtained by Keypoint Intelligence and its partners. Additionally, new vulnerabilities and testing techniques are regularly identified, and real-world attackers may not be limited by resources or engagement timeframes. Further weaknesses may therefore exist within the systems tested that could not reasonably be identified within the assessment timescales.


The following specific limitations and restrictions were encountered and should be borne in mind when considering the findings:

  • The systems were tested in a non-production, controlled lab environment, provided by Keypoint Intelligence. Any differences between this testing environment and a different corporate, production environment may lead to additional security weaknesses. Likewise, issues present in the lab environment may not be replicated in a real-world, corporate environment.
  • The device configuration was established at the beginning of testing by the vendor submitting the product for evaluation. Any modification to these settings may result in additional security weaknesses not covered by the evaluation.
  • Some areas of the product might not have been fully tested if they were incompatible with the vendor-defined configuration of the device.



Verified Secure Products

FutureSmart v4 Enterprise firmware platform
11/12/2019 11:22:23 AM
11/12/2022 12:00:00 AM
Device Penetration; Firmware Resilience
v4.8.0.1 and later

As tested in the HP Color LaserJet Flow E87650


HP Workpath (formerly JetAdvantage Link) supplemental OS disabled


HP JetAdvantage Security Manager pre-configured “Base” policy applied

Departures from that policy:

Scan/Digital Send | Digital Sending Software Setup:

Allow use of DSS server:  Deselected

Allow transfer to new DSS server:  Deselected


Security | General Security:

Local admin password: set complex password

PJL Security: set complex password


Security | Access Control:

Control Panel:  Turned off all access except for Copy

Embedded Web Server:  Admin-only access

Allow users to choose alternate sign-in methods:  Deselected

Automatically sign out:  Selected


Security | Email Domain Restriction:

Open:  Set to allow only internal email domains


HP Web Services | HP JetAdvantage Setup:

Allow users to create an account:  Deselected


Networking | Configuration | TCP/IP Settings:

IPv6:  Deselected


Networking | Configuration | Network Settings | SNMP:

SNMP v1/v2:  Deselected

Enable SNMP v1/v2 read-only access:  Deselected

Enable SNMP v3:  Selected and entered a complex password

Authentication protocol:  Selected SHA1 and entered complex passphrase

Privacy protocol:  Selected AES-128 and entered complex passphrase


Networking | Configuration | Network Settings | Other Settings | Misc:

Bonjour:  Selected

AirPrint:  Selected


Networking | Security | Settings | Secure Communication:

Active ciphers:  Moved AES-256-SHA and AES 128-SHA out of “Active” list

SSL/TLS protocol:

                TLS 1.2:  Selected

                TLS 1.1:  Deselected

                TLS 1.0:  Deselected



Networking | Security | IPsec Firewall

IPsec Firewall Policy – Rule Summary:  Selected “Allow traffic from administrator IP address”; blocked other traffic


Networking | Security

Announcement Agent:  Set to ON, but with IP address for device entered

JetAdvantage Security Manager
9/25/2019 3:17:07 PM
9/24/2022 12:00:00 AM
Policy Compliance
HP JASM v3.3.0.15855 and later

As tested via HP JetAdvantage Security Manager v3 (supported for some functions by HP Web Jetadmin)

Buyers Lab analysts verified the claimed features and effectiveness of the HP management utilities for satisfying the test methodology criteria indicated below:

  • Ensure devices are secured to a vendor’s and/or customer’s recommended settings by providing a method to quickly discover and apply the recommended settings
  • Provide ongoing checks to ensure the devices are still in compliance with the recommended settings
  • Provide automatic remediation to return device to the recommended settings
  • Provide a report or dashboard of at-risk devices
  • Provide a mechanism to highlight at-risk firmware (out-of-date firmware with known vulnerabilities) on devices
  • Provide fleet-scalable, secure firmware update capability
  • Automatically detect newly connected but un-configured device(s) attached to the network and automatically apply the policy designated by the administrator for new devices
FUJIFILM Business Innovation Corp.
ApeosPort-VII Firmware Platform v1.4
2/11/2020 2:39:18 PM
2/11/2023 12:00:00 AM
Device Penetration
1.4.1 and later

As tested on the Fuji Xerox ApeosPort-VII C3373


General Setup

  • Job Management: Printer Lockout  ON
  • Stored Job Settings: Set Job Passcode  12
  • Web Browser Setup:  Web Application Version  v5
  • Web Browser Setup: Delete Persistent Cookie  ON
  • Web Browser Setup: Clear Cookie Cache Upon Exiting  ON
  • General Setup: Web Browser Setup: Use TLS 1.0  OFF
  • General Setup: Web Browser Setup: When SSL Certificate Verification Fails  STOP ACCESSING SITE

Connectivity: Protocols

  • SNMP v1/2c  OFF
  • SNMP v3  ON
  • SNMP: Authentication Failure Generic Traps  ON
  • SNMP v3 Settings:
  •    Message Digest Algorithm SHA-1
  •    Authentication Password Complex Value
  •    Message Encryption AES-128
  • SMB Client  ON
  • TBCP Filter  ON
  • Port 9100  OFF
  • SMTP Server: SSL/TLS Communication:  SSL/TLS
  • SMTP Server: Login Credentials to SMTP Server  Authentication
  • POP3 Setup: POP3 SSL/TLS Communication  ON
  • HTTP: HTTP Max Number of Sessions  1
  • HTTP: CSRF Protection  ON
  • HTTP: Secure HTTP (SSL)  ON
  • IPP: IPP Port Number  0
  • IPP: TBCP Filter  ON
  • WebDAV: WebDAV Port Status  OFF
  • WSD: Scan  OFF
  • WSD: Print  OFF
  • FTP  OFF

Connectivity Services

  • Printing: Print Model: PJL  OFF
  • Network Scanning: Job Log: Username  ON
  • Network Scanning: Job Log: Domain  ON



  • USB: General  OFF
  • USB: Embedded Plug-ins  OFF



  • Authentication Configuration: Log Type  LOGIN TO REMOTE ACCOUNTS
  • User Details Setup: Login Attempts Limit  5
  • Remote Authentication Servers: Kerberos Server  ON
  • Audit Log: Audit Log  ON
  • Device Digital Signed Certificate: Upload Signed Certificate  Depending on PKI
  • Certificate Revocation Settings: Level of Certificate Verification  HIGH
  • Certificate Revocation Settings: Auto Retrieval of CRL  ON
  • SSL/TLS Settings: POP3TLS Communication  ON
  • SSL/TLS Settings: Verify Remote Server Certificate  ON
  • PDF: DocuWorks/XPS Signature  SHA-256
  • Job Status Default: Completed Job View  REQUIRE LOGIN TO VIEW JOBS
  • Job Status Default: Access to jobs  LOGGED-IN USER ONLY
  • Job Operation Restrictions: Pause/Cancel  JOB OWNERS AND ADMINISTRATORS
  • Job Operation Restrictions: Edit/Print  JOB OWNERS AND ADMINISTRATORS
  • Job Operation Restrictions: Promote Print Jobs  JOB OWNERS AND ADMINISTRATORS
  • Plug-in: Custom Service Settings: Custom Service  ON
  • Plug-in: Custom Service Settings: Service Representative Restricted Operation  ON + Complex Password
  • Plug-in: Custom Service Settings: System Administrator Settings  Complex Values
  • Plug-in: Custom Service Settings: Smart Card Settings: Limit Access to Folder  ON
  • Authentication: Passcode Policy: Passcode Entry for Control Panel Login  ON
  • Authentication: Passcode Policy: Minimum Passcode Length  12
  • Authentication: Passcode Policy: Maximum Passcode Length  63
  • System Settings: Common Service Settings: Other: Hard Disk Encryption  ON+ComplexPassword
IM Series System Firmware v2
2/3/2020 2:43:33 PM
2/3/2023 12:00:00 AM
Device Penetration
IM C Firmware 1.0

Ricoh IM C Firmware Ver. 1.0

Firmware sub-modules:

System/Copy v2.2

Network Support v18.54

Web Support v2.19

Fax v02.01.00

Scanner v02.01

Web Uapl v2.00

NetworkDocBox v2.00

Animation v2.01

Printer v2.12

RPCS v3.23.13

Font EXP v1.0

PCL v1.01

IRIPS PS3 v1.00


IRIPS Font v1.15

Graphic Data v2.00

MovieData v1.00

MovieData2 v1.00

MovieData3 v1.00

Data Erase Onb v1.05

PowerSaving Sys F.L3.23.1

RicohACT v1.0


As tested in the Ricoh IM C6000

Settings changed from defaults after a firmware upgrade as follows:


Wireless and Networks:

  • Port forwarding to Machine, Port Forwarding changed to “inactive”

Screen Device Settings:

  • Screen SD Card Slot:  to inactive
  • Screen USB Memory Slot:  To inactive
  • Recovery by Wireless Connection:  To inactive

Web Browser:

  • Prohibit Entering URL:  to Active
  • Form Data/remember form data:  To inactive
  • Form Data/remember Passwords:  To inactive
  • Cookies/Accept Cookies:  To inactive


  • Enable JavaScript:  To inactive
  • Enable Plugins:  To Off

Bandwidth Management:

  • Search Result Preloading:  To Never
  • WebPage Preloading:  To never
  • Load Images:  to Never

Web Browser NX:

  • Save Cookie:  To “do not save”
  • Restrict Usage for Users:  To Restrict

Device Settings:


Media Slot Use:

  • Store to Memory Device:  Prohibit
  • Print from Memory Storage Device:  Prohibit


  • Sleep Mode Timer:  set to 60 seconds


Job Logs

  • Job log:  Active
  • Job log Collect level:  Level 1

Access Logs:

  • Collect Access Logs:  Active
  • Access Log Collect Level:  Level 2

Eco-Friendly Logs:

  • Collect Eco-Friendly logs:  Active
  • Eco-friendly log Collect Level:  Level 2

SYSLOG Transfer Setting:

  • Transfer to SYSLOG Server:  Inactive


Administrator Authentication Management:

  • User Administrator Authentication:  On
  • Available Settings for User Administrator:  “checked” Administrator Tools
  • Machine Administrator Authentication:  On
  • Available Settings:  “checked” General Features, Tray paper settings, Timer settings, Interface, File Transfer, Administrator Tools, Maintenance.

  • Network Administrator Authentication:  On
  • Available Settings:  “checked” File Transfer, Interface, Admin tools
  • File Administrator Authentication:  On
  • Available settings:  “checked” Admin Tools


Kerberos Authentication:

  • Encryption Algorithm:  “unchecked” all but AES 256-CTS


Interface Settings:

  • USB:  To Inactive




  • DDNS:  Inactive
  • WINS:  Inactive
  • RSH/RCP:  Inactive
  • LPR:  Inactive
  • DIPRINT: Inactive
  • FTP:  Inactive
  • WSD (device):  Inactive
  • WSD (Printer): Inactive
  • WSD (Scanner): Inactive
  • IPP:  Inactive
  • RHPP: Inactive


  • All settings and features to inactive


  • SMB:  Inactive

SNMP v1: 

  • All settings and features to inactive

SNMP v3:

  • IPv6:  Inactive
  • Authentication Algorithm:  SHA1
  • Account User:  Entered new password
  • Encryption Password (user):  Entered new encryption password


  • SSDP:  To Inactive


  • IPv6:  To Inactive


Network Security:

  • HTTP Port 80:  Close IPv4 and IPv6
  • SSL/TLS Port 443-Permit SSL/TLS Communication: changed to “Ciphertext”
  • TLS 1.0:  Inactive
  • TLS 1.1:  Inactive
  • SSL 3.0:  Inactive
  • AES 128 : Inactive
  • 3DES:  Inactive
  • RC4:  Inactive
  • RSA Key Exchange: Inactive
  • SHA – 1: Inactive
  • Telnet: Inactive
  • NetBIOS over TCP/IPv4:  Inactive
  • SNMP v1: Inactive
  • SNMP v2: Inactive


  • Authentication Algorithm: SHA-512
  • Encryption Algorithm:  AES-256

Kerberos Authentication:

  • All off but AES-256

Driver Encryption Key:

  • Encryption Strength:  AES

User Lockout Policy:

  • Lockout:  Enable


Extended Security:

  • Authenticate Current Job:  To Access Privilege
  • Restrict Display of Use Information:  On
  • Enhance File Protection:  On
  • Restrict Use of Destinations (address books):  On
  • @Remote Service:  Prohibit


  • Close Telnet Ports:
  • Nat_u Filter On
  • Close TCP 111, 1022, 1023, 2049, 54080, 54443
  • Close UDP 1022, 1023
  • Commands:
  • Nat_ui port_filter_cats on
  • Set RFU Down (for remote firmware update)
  • Set NRS Down  (remote metering to off)
MPS Monitor, s.r.l
MPS Monitor 2.0 Platform
7/31/2020 1:27:21 PM
7/31/2023 12:00:00 AM
Policy Compliance
MPS Monitor 2.0 Platform
MPS Monitor 2.0 platform when used to manage HP Inc. printers and MFPs fully supported by the HP Smart Device Services (SDS) platform

Keypoint Intelligence analysts verified the claimed features and effectiveness of the MPS Monitor 2.0 platform, when used to manage HP SDS-compliant HP printers and MFPs, for satisfying the test methodology criteria indicated below:

  • Discover and highlight at-risk firmware (that is, out-of-date firmware with known and/or likely vulnerabilities) that are still in use on devices
  • Provide fleet-scalable, secure firmware update capability
  • Ensure a customer’s devices are secured to a vendor’s and/or customer’s recommended settings (via templates, policies, or similar mechanism)
  • Provide a method to discover out-of-compliance devices
  • Generate a report (or dashboard view) showing at-risk devices
  • Provide a way to automatically apply the desired settings to bring devices back into compliance
  • Provide on-going checks to ensure the devices are still in compliance with the recommended settings
  • Automatically detect newly connected but un-configured device(s) attached to the network and automatically apply the policy designated by the administrator for new devices (NOTE: MPS Monitor reports that it has opted to disable this capability in the platform’s default configuration. The decision as to whether or not to implement the feature is a decision left to MPS Monitor customers.)
Evolution Series Firmware v1.x
4/30/2022 3:30:34 PM
6/1/2024 12:00:00 AM
Device Penetration
Kyocera Evolution Series

Function/Port/Protocol .... Status For Test

Security Level .... Level 3 (Very High)

Internet Browser .... Disabled

Password Policy .... Enabled (strong password required)

Incorrect Password Lockout .... Enabled

Bundled Data Security Kit .... Enabled

Optional Data Security 10 .... Enabled

Auto Panel Reset .... Enabled (90 seconds)

Auto Reset .... Enabled (60 seconds)

Continue or Cancel Error Job .... Job Owner Only

Remote Printing (Doc Box) .... Permit

AirPrint .... Disabled

IPv4 (Ethernet).Static .... Enabled

Wireless Access (Network) .... Enabled

Wireless Access (Direct Point) .... Disabled

Bonjour .... Disabled

IPsec (Data Security 10 Option) .... Disabled

TCP/IP Communication .... All IP Ranges

FTP Server (Reception) .... Disabled

IPP over SSL .... Disabled

IPP Security .... Secure Only

IPP Authentication .... Disabled

WSD Print .... Disabled

POP3 (E-mail RX) .... Disabled

SMTP (E-mail TX) .... Enabled

SMTP (Email TX) - SMTP Security .... SSL/TLS Set

SMTP (Email TX) Cert Auto Verification .... Validity Period

SMTP (Email TX) Hash .... SHA2.Enable

FTP Client (Transmission) .... Disable

FTP Client (Trans) - FTP Encryption TX .... Disable

FTP Client (Trans) - Certify Auto Verification .... Disable

FTP Client (Trans) - Hash .... SHA2.Disabled

SMB (Send Only No Server) .... Disabled

WSD Scan .... Disabled

DSM Scan .... Disabled

eSCL over SSL .... Disabled

HTTPS - HTTPS Certificate .... Enabled (Device Certificate)

HTTP(Client/Server) Certify Auto Verify .... Validity Period

HTTP(Client/Server) - Hash .... SHA2.Enable

Enhanced WSD .... Disabled

Enhanced WSD over SSL .... Enabled

Enhanced WSD over SSL Certificate .... Enabled (Device Certificate)

REST over SSL .... Enabled

VNC(RFB) over SSL .... Disabled

Enhanced VNC(RFB) over SSL .... Enabled

OCSP/CRL Settings .... Default Value

Display Jobs Detail Status .... Hide All

Display Jobs Log .... Hide All

Address Book .... Administration Only

One Touch Key .... Administration Only

Admin Authentication on Firmware Update .... Enabled

TLS Version .... 1.2/1.3 Enabled

Encryption .... AES; AES-GCM: Setting value, CHACHA20/POLY1305: Setting value

Hash .... SHA-2 Enabled

HTTP Security .... Secure HTTPS

Enhanced WSD Security .... Enhanced WSD over SSL

Local Authorization .... Disabled

Guest Authorization .... Disabled

Simple Login .... Disabled

Guest Authorization Settings .... Disabled

Simple Login Settings .... Disabled

Unknown User Settings .... Reject

All Job/Error / Status Logs History .... Set

Remote Services .... Disabled

Remote Operations .... Disabled

Google Cloud Print Settings .... Disabled

Allow listing .... Enabled

Seiko Epson Corp.
Epson Workforce Enterprise Series Firmware
6/1/2022 1:24:46 PM
6/1/2024 12:00:00 AM
Device Penetration
Epson Workforce Enterprise Series


Enable Network Scan: ON



Wi-Fi: OFF

Email Server Secure Connection: START TLS

Email Server Authentication Method Password: up to 31 characters

Kerberos Settings: NONE

Use Microsoft network sharing: ON (SMB 1.0 and SMB/SMB3 can be disabled individually)


Network Security

WSD Settings Enable WSD: ON

LPR Settings Allow LPR Printing: ON

Allow RAW (Port 9100) Printing: ON

Allow RAW (Custom Port) Settings: OFF

Enable IPP: ON

Enable FTP Server: OFF

Enable SNMPv1/v2c: OFF

Enable SNMPv3: ON

SNMPv3 Authentication Settings Algorithm: MD5 / SHA-1


IPsec/IP Filtering: ON


Product Security

Enable Access Control: ON

Allow printing and scanning without authentication information from a computer: OFF

Prohibit user from canceling other user’s job: ON

External Interface(USB) Memory Device: OFF

Audit Log Setting: ON

Password Policy Minimum Password Length: ON

Panel Lock: ON

Printer Lockout Operation Time Out: ON

Job History: REQUIRE LOGIN TO VIEW JOBS (administrator only)

System Plug-in Settings: OFF

Data Encryption: ON (all information stored on internal hard drive is always encrypted and cannot be disabled)

Brother International Corp.
Brother Security Firmware v1.x
6/1/2022 2:14:04 PM
6/1/2024 12:00:00 AM
Device Penetration
Brother Security Firmware v1.x
Brother MFC-J5955DW / MFC-J6955DW Series

Administrative Protocols               

Web Based Management:  ON (using only HTTPS Port 443)

SNMP: ON (using only SNMP v3)


Print Protocols                 


Port 9100 (Raw Port):  OFF

IPP:  ON (using only HTTPS Port 443)

AirPrint:  ON

Mopria:  ON (if using)

Web Services: OFF

Proxy:  OFF


Miscellaneous Protocols                

Network Scan:  ON

PC Fax Receive:  ON


Network Protocols                         

POP3/IMAP4/SMTP Client:  ON (using SMTP-AUTH, TLS)

SMTP Server:  OFF

FTP Server:  OFF

FTP Client:  ON (using TLS)



WebDAV:  ON (using TLS)

SMB (CIFS):  ON (using only SMBv3)




SNTP:  ON                          


Other Settings                                

TLS Protocol (Server):  TLS 1.2

TLS Protocol (Client):  TLS 1.2

CA certificate:  Import related root/intermediate CA certificate

Client Key Pair:  Create client public and private key

Server Public Key:  Import server public key