Security Policy Items

You can check the security policy items and their usage from Remote UI on the [Confirm Security Policy] screen.
The content set on another device or software is applied to the security policy for the machine. Therefore, there may be function items in the security policy that are not available on the machine, but these do not affect the settings or operation of the machine.

[Interface]

[Wireless Connection Policy]
You can disable the wireless connection to prevent unauthorized access.
[Prohibit Use of Direct Connection]
You can prohibit access from mobile devices. [Direct Connection Settings]
[Prohibit Use of Wireless LAN]
You can prohibit wireless access via a wireless LAN router or access point. [Select Wired/Wireless LAN]
 
[USB Policy]
You can disable the USB connection to prevent unauthorized access and data theft.
[Prohibit Use as USB Device]
You can prohibit a computer from connecting to the machine via the USB port. [USB Settings]
[Prohibit Use as USB Storage Device]
As this function is not available on the machine, it is not applied to the security policy.

[Network]

[Communication Operational Policy]
You can require a signature or certificate verification for safer communication.
[Always Verify Signatures for SMS/WebDAV Server Functions]
As this function is not available on the machine, it is not applied to the security policy.
[Always Verify Server Certificate When Using TLS]
This verifies the certificate including Common Name (CN) when using TLS-encrypted communication.
Configuring Detailed Information of the E-mail Server (Remote UI)
Registering LDAP Servers
* This does not apply to communication with an IEEE 802.1X network.
[Prohibit Cleartext Authentication for Server Functions]
You can limit verification information to secure methods only. When you are using the machine as a server, cleartext authentication and functions using cleartext authentication are not available. [Dedicated Port Authentication Method]
* If you are using an older version of the device management software or driver, you may not be able to connect to the machine. Use an updated version.
[Prohibit Use of SNMPv1]
You can prohibit use of SNMPv1 when obtaining device information from a computer. [SNMP Settings]
 
[Port Usage Policy]
You can close unused ports to prevent external intrusion.
[Restrict LPD Port (Port Number: 515)]
You can prohibit printing using the LPD protocol. [LPD Settings]
[Restrict RAW Port (Port Number: 9100)]
You can prohibit printing using the RAW protocol. [RAW Settings]
[Restrict FTP Port (Port Number: 21)]
As this function is not available on the machine, it is not applied to the security policy.
[Restrict WSD Port (Port Number: 3702, 60000)]
You can prohibit the use of functions using the WSD protocol. [WSD Settings]
[Restrict BMLinkS Port (Port Number: 1900)]
As this function is not available on the machine, it is not applied to the security policy.
[Restrict IPP Port (Port Number: 631)]
You can disable certain print functions that use mobile apps and prohibit related printing. Linking with Mobile Devices
[Restrict SMB Port (Port Number: 137, 138, 139, 445)]
As this function is not available on the machine, it is not applied to the security policy.
[Restrict SMTP Port (Port Number: 25)]
As this function is not available on the machine, it is not applied to the security policy.
[Restrict Dedicated Port (Port Number: 9002, 9006, 9007, 9011-9015, 9017-9019, 9022, 9023, 9025, 20317, 47545-47547)]
You can prohibit the use of dedicated ports. [Dedicated Port Settings]
[Restrict Remote Operator's Software Port (Port Number: 5900)]
As this function is not available on the machine, it is not applied to the security policy.
[Restrict SIP (IP Fax) Port (Port Number: 5004, 5005, 5060, 5061, 49152)]
As this function is not available on the machine, it is not applied to the security policy.
[Restrict mDNS Port (Port Number: 5353)]
You can disable mDNS settings (IPv4/IPv6) and certain print functions that use a mobile app. This disables network discovery and automatic settings using mDNS as well as related printing.
[IPv4 Settings]
[IPv6 Settings]
Linking with Mobile Devices
[Restrict SLP Port (Port Number: 427)]
You can disable response to discovery in Multicast Discovery Settings as well as network discovery and automatic settings using SLP. Configuring SLP Communication
[Restrict SNMP Port (Port Number: 161)]
You can prohibit the use of functions using the SNMP protocol. This prohibits the machine from obtaining device information from a computer using SNMP and configuring related settings.
[SNMP Settings]
[Scan with Canon PRINT Business]

[Authentication]

[Authentication Operational Policy]
As this function is not available on the machine, it is not applied to the security policy.
[Password Operational Policy]
As this function is not available on the machine, it is not applied to the security policy.
[Password Settings Policy]
As this function is not available on the machine, it is not applied to the security policy.
[Lockout Policy]
You can prohibit login for a while when the wrong password is entered a certain number of times in a row.
[Enable Lockout]
This enables Lockout. Set the Lockout threshold and Lockout period separately on the machine. [Lockout Settings]

[Key/Certificate]

By preventing weak encryption and encrypting user passwords and keys within a certain hardware, you can protect sensitive data.
[Prohibit Use of Weak Encryption]
You can prohibit the use of weak encryption. [Encryption Settings]
[Prohibit Use of Key/Certificate with Weak Encryption]
You can prohibit the use of keys and certificates with weak encryption.
 
[Use TPM to Store Password and Key]
As this function is not available on the machine, it is not applied to the security policy.

[Log]

As this function is not available on the machine, it is not applied to the security policy.

[Job]

[Printing Policy]
As this function is not available on the machine, it is not applied to the security policy.
[Sending/Receiving Policy]
You can restrict the use of destinations when sending and the processing methods of received data.
[Allow Sending Only to Registered Addresses]
You can prevent users from specifying new destinations. Users can only send data to destinations registered in the Address Book. [Restrict New Destinations]
[Force Confirmation of Fax Number]
As this function is not available on the machine, it is not applied to the security policy.
[Prohibit Auto Forwarding]
As this function is not available on the machine, it is not applied to the security policy.

[Storage]

As this function is not available on the machine, it is not applied to the security policy.
958J-08R