FleetView Security Overview
The application developer is committed to providing products that are secure for use in all network environments. The Data Collector Agent (DCA) only collects the critical imaging device metrics necessary to manage a printing environment, and never collect any personal or user information.
This document discusses network and information security as it relates to the Data Collector Agent application. It will also explain why using the application will not impact compliance with the following laws:
- Health Insurance Portability & Accountability Act (HIPAA)
- Sarbanes-Oxley
- Gramm-Leach-Bliley Act (GLBA)
- Federal Information Security Management Act (FISMA)
Data Collector Agent Application
The DCA is an application that is installed on a non-dedicated networked server at each location where imaging device metrics are to be collected.
The DCA runs as a Windows® service (or, optionally, a scheduled task), allowing it to operate 24 hours a day, 7 days a week.
The DCA attempts to collect the following information from printing devices during a network scan:
| IP address (can be masked) | Toner cartridge serial number |
| Device description | Maintenance kit levels |
| Serial number | Non-toner supply levels |
| Meter reads | Asset number |
| Monochrome or color identification | Location |
| LCD reading | MAC address |
| Device status | Manufacturer |
| Error codes | Firmware |
| Toner levels | Miscellaneous (machine specific) |
No print job or user data is collected
Data collection and transmission methods
The DCA collects imaging device metrics at a specified interval using SNMP, ICMP, and HTTP; it then transmits the data to the centralized database via HTTPS (port 443).
Optional remote updates
The DCA contains an optional remote update feature, which is activated by enabling the Health Check and Intelligent Update options. Health Check will periodically ensure that the DCA service is operating, and if not, it will restart the DCA service. Intelligent Update allows the DCA to check for and receive software updates and DCA configuration changes posted by the FleetView server. These features are enabled and disabled at the end user site, and are not required.
Network traffic
The network traffic created by the DCA is minimal, and will vary depending on the number of IP addresses being scanned. The table below outlines the network load associated with the DCA compared to the network load associated with loading a single standard webpage.
Network Byte Load Associated with the DCA
| Event | Approximate Total Bytes |
| Loading a single standard webpage | 60,860 |
| DCA scan, blank IP | 5,280 |
| DCA scan, 1 printer | 7,260 |
| DCA scan, 1 printer, 1 subnet | 96,300 |
| DCA scan, network of 13 printers | 111,530
|
Health Insurance Portability & Accountability Act (HIPAA) Compliance
The use of the FleetView application will not have an impact on compliance with the Health Insurance Portability & Accountability Act (HIPAA) for covered entities. The FleetView application does not collect, house, or transmit any information regarding the content of print jobs, and thus have no way of accessing, housing, or transmitting electronic protected health information (ePHI) as defined by HIPAA.
For more information about HIPAA, visit
http://www.hhs.gov/ocr/hipaa/
Sarbanes-Oxley Act Compliance
The FleetView application is not intended to be used as part of an internal control structure as outlined in Section 404: Management Assessment of Internal Controls, but will not interfere with these controls.
Information Technology controls are an important part of complying with Sarbanes-Oxley. Under this Act, corporate executives become responsible for establishing, evaluating, and monitoring the effectiveness of internal control over financial reporting. There are IT systems in the market that are designed specifically for meeting these objectives. The FleetView application is not designed as an IT control system, but will not interfere or put at risk other systems that are intended for that purpose.
For more information about Sarbanes-Oxley, visit http://thecaq.aicpa.org/Resources/Sarbanes+Oxley/
Gramm-Leach-Bliley Act (GLBA) Compliance
The FleetView application will not have an impact on compliance with the Gramm-Leach-Bliley Act (GLBA) for covered entities. The FleetView application does not collect, house, or transmit any information regarding the content of print jobs, and thus has no way of accessing, housing, or transmitting customers’ personal financial information, even if this information is printed or otherwise sent to print devices monitored by the FleetView application.
For more information about the Gramm-Leach-Bliley Act, visit http://www.ftc.gov/privacy/privacyinitiatives/glbact.html
Federal Information Security Management Act (FISMA) Compliance
The FleetView application is not intended to be part of an internal control system for FISMA, but will not interfere with these controls.
The FleetView application will not have an impact on compliance with the Federal Information Security Management Act (FISMA) for covered entities. The FleetView application does not collect, house, or transmit any information regarding the content of print jobs, and thus has no way of accessing, housing, or transmitting high risk information, even if this information is printed or otherwise sent to print devices monitored by the FleetView application.
For more information about the Federal Information Security Management Act, visit http://csrc.nist.gov/groups/SMA/fisma/index.html