Network Printer Configuration Standards
Health System Technology Services provides centrally maintained network printer support. The objective of this document is to provide standards for printing devices so that the Health System can properly support these devices, ensure that they meet UVa security standards, and provide a standard for procurement of such devices.
Currently acceptable manufacturers / model lines supported are:
- HP LaserJet line
- Canon ImageRunner line (Multi-Function Enterprise class only)
- Ricoh Afficio line (Multi-Function Enterprise class only)
Currently accepted printer models are:
Black & White Network Printing
|Low volume||Medium volume||High volume|
|HP LaserJet M506n||HP LaserJet M607n||HP LaserJet M609n|
Color Network Printing
|Low volume||Medium volume||High volume|
HP Color LaserJet M553dn
|HP Color LaserJet M652n||HP Color LaserJet M653n|
Black & White Multifunction Printers
|low volume||medium volume||high volume|
|HP LaserJet M527dn MFP||HP LaserJet M4345 MFP||HP LaserJet 9050 MFP|
|Ricoh Afficio 2510||Ricoh Afficio 3500||Ricoh Afficio 7500|
|Canon ImageRunner 2270||Canon ImageRunner 3570||Canon ImageRunner 5070|
If a customer wishes to add a printer model not listed above, they must submit a service request to have the HSCS LAN and Consulting groups evaluate the model for compatibility with our network. The evaluation will be based on, at a minimum, the following requirements:
- Printer must be from a supported manufacturer and model line (listed above).
- The device/printer must be network ready with a network interface card (NIC) that is part of the device hardware and not a third party add on. The card must have a fully functional Ethernet port.
- All network attached printers must be manageable through SNMP.
- All devices/printers must have Microsoft-approved printer drivers compatible with 2008 server, Windows XP Professional and Windows 7 Enterprise. The printer driver must be a point and print driver which does not install additional software on the server or the client PC. Either a UPD or compatible 64-bit driver is required.
Printers meeting the above requirements are typically enterprise class devices rather than those marketed for Home or Small Business Workgroups. Printers designed for Home or Small Business Workgroups, in general, are not robust enough for enterprise printing solutions. Maintaining these printers and their associated print queues oftentimes results in time and labor expenses that far exceed that of enterprise class printers.
Security Standards and Configuration
- All printers should be placed on the Secure Clinical Subnet (10. network) rather than the public (128. or 172. networks). This provides a measure of security and helps prevent unauthorized access or attacks from outside the Health System. If a printer is used for output containing ePHI, the printer must be placed on the Secure Clinical Subnet.
- Unless needed for a specific application, disable the following protocols: IPX/SPX, Appletalk, Telnet, DLC, mDNS, and FTP.
- Set an administrative password to prevent unauthorized web console access. An SNMP Community String other than the default must be set.
- If the printer contains a hard drive, overwrite software must be used if available (to cleanse the drive continually of data once printed). Also, if the printer is leased, upon termination of the lease the hard drive must be destroyed before leaving the Health System. Typically this entails a contractual arrangement whereby the Health System is allowed to keep the drive on a fee basis. See the Surplus Equipment Procedures for more information.
In order to help ensure that these security standards are enforced, HSTS performs weekly scans of their installed printer population on the secure clinical subnet, and any printer found that does not meet the above configuration standards will be updated to meet these standards. Printers installed by vendors may not be able to be scanned in this manner, so it is the responsibility of the vendor to ensure compliance.
Multi-function Printing Functionality
Scanning via email:
Scanning will be supported via utilizing the mail relay method. An HSTS Service Request will need to be entered to request email forwarding for each individual device. The IP address of the multifunction printer will need to be in the request. LDAP support for email address lookup will not be supported.
Phone lines attached to multifunction devices may only be used for sending and receiving faxes. Any other feature on the device that could utilize the phone line must be disabled to maintain the security of the Health Systems network infrastructure.