PRODUCT Security

Epson Security Statement

The increasing diversification of workspaces and growing complexity of network environments make stringent security protocols for printers, multifunctional printers and scanners more important than ever. To ensure security for all its customers, Epson uses unified security frameworks and consistent methodologies throughout the design and delivery of all its products, from receipt printers to large format printers and scanners.

To protect our customers’ information assets against increasingly sophisticated threats affecting printers, multifunctional printers and scanners, Epson implements optimal security measures on both the software and hardware levels across the entire cycle from product design to its development, production, distribution, and maintenance.

Concept of security at each stage of the product life cycle

To provide more security for our customers, at Epson, we closely examine different usage conditions for each product category and implement endpoint security throughout the entire cycle from product design to its development, assessment, manufacturing, distribution, and maintenance.

  • Planning
    At the product planning stage, we continuously monitor the newest security trends and potential vulnerabilities. We also listen to our customers’ requests, identifying and analyzing security-related requirements. This way, we eliminate potential problems in our products before any risks can materialize.
  • Development
    Using our original common platforms and technologies cultivated throughout the development of a wide range of products, from office/home printers to commercial/industrial small and large format printers and scanners, we strive to enhance the protection against security risks.
  • Assessment
    In addition to thorough in-house testing, we also involve third-party organizations for objective security assessment. With our strict security verification system, we conduct the assessment from different angles to ensure high security for our products.
  • Manufacturing
    To ensure the highest quality of our manufacturing operation, we have implemented a thorough information asset management system at our factories, where we install software that enables the functionality of our products.
  • Sales
    We are committed to supporting our customers by proposing and implementing solutions to minimize security risks depending on the use environment and operational conditions. We also make sure to quickly address any vulnerabilities that may arise after the installation of our products.
    When products need to be replaced and disposed of, we make sure to reset the devices to the factory default settings to prevent confidential information leaks.
  • Maintenance
    We quickly respond to security-related issues and concerns reported by clients who purchase our products.

Epson's proprietary printer/scanner SoC and firmware platform technology protects customer information and products from security threats

At Epson, we developed our own multi-core printer/scanner SoC and combined it with our original firmware that optimally handles various processes, such as mechanical control and image processing, to create a platform with excellent performance and safety. By separating the communication unit, which has a particularly high security risk, from other information processing units, we prevent external unauthorized access and protect our customers' important information.

Security threats and the corresponding countermeasures
AM-C6000/C5000/C4000
Threat
Manipulation of the control panel by a malicious third party
Countermeasure

・Restricted access to print, scan, copy, and fax functions
You can limit the scope of functions (such as print, scan, copy, fax) accessible by each user.
Allowing access only to the functions minimally necessary to the user’s duties helps minimize the risks of unauthorized browsing and leaks of document data.

・User authentication in conjunction with access restriction to certain functions
User authentication can be carried out by password input or by using authentication devices such as ID card readers. You can limit which user can access each of these functions.

・Logging and auditing
You can keep a record of print, copy, scan, fax transmission/reception, and configuration changes, which can all be stored in an audit log on the device.
Regular review of the audit log allows for early detection of any unauthorized use and follow-up investigation after occurrence of any security-related incidents.

ET-5850/ET-5800
Threat
Theft of confidential information from communication data, data tampering.
Countermeasures

・IPsec/IP filtering (Security Architecture for Internet Protocol/Internet Protocol filtering)
The IPsec protocol encrypts communications between the printer and a computer or user, protecting the data from leaking. IP filtering decides whether to accept incoming communication based on its IP address and prevents unauthorized access by filtering out communication from unauthorized terminal devices.

・IEEE 802.1X authentication
Our devices support IEEE 802.1X, an authentication standard that prevents unauthorized devices from connecting to a LAN. It allows the device to be used in a network environment requiring high security.

ET-2850
Threat
Theft of information via USB access, computer virus infections.
Countermeasures

・Enabling/disabling USB connection to a computer
USB access from a computer to the device can be disabled.

・Addressing virus intrusions through USB memory
Since there is no functionality to run a program from a USB memory, there is no risk of viruses being transmitted from a USB memory to the device.

TM-T88VII
Threat
Data theft from storage media installed inside the device
Countermeasures

・Password encryption and password policies
The customer password saved in the device is encrypted to protect it from leaks. This password is required to set the device network and TM-i functions.

・Disposal of receipt data
The receipt data (print data), used for business operations, is deleted after printing to protect your clients’ purchase data from leaks and tampering. However, the customized settings and information, such as your company’s logo and coupon data, are recorded in non-volatile memory and retained even after printing or while rebooting.

・User data initialization and resetting to factory defaults
When disposing of or moving a device to another location, all the configurations and data recorded in the unit (stored in non-volatile memory) are reset to factory defaults (initialized) to prevent leaks of information, such as the logo and print settings.

CW-C4000 Series
Threat
Manipulation of the control panel by a malicious third party
Countermeasures

・Restricted access to the control panel
The range of functions available through the control panel can be limited for each device.
Allowing access only to the functions minimally necessary to the operator’s duties helps reduce the risks of unauthorized manipulation of the device settings or data transmission settings.

SC-P8550DM/SC-T7750DM
Threat
Manipulation of the control panel by a malicious third party
Countermeasure

・Restricted access to print, scan, copy functions
You can limit the scope of functions (such as print, scan, copy) accessible by each user.
Allowing access only to the functions minimally necessary to the user's duties helps minimize the risks of unauthorized browsing and leaks of document data.

・User authentication in conjunction with access restriction to certain functions
User authentication can be carried out by password input or by using authentication devices such as ID card readers. You can limit which user can access each of these functions.
*1 Authentication devices such as IC card readers are required separately.

・Logging and auditing
You can keep a record of print, copy, scan, fax transmission/reception, and configuration changes, which can all be stored in an audit log on the device.
Regular review of the audit log allows for early detection of any unauthorized use and follow-up investigation after occurrence of any security-related incidents.

DS-800WN/DS-900WN
Threat
Manipulation of the control panel by a malicious third party
Countermeasure

・Restricted access to scan functions
You can limit the scope of the scan function accessible by each user.
Allowing access only to the functions minimally necessary to the user’s duties helps minimize the risks of unauthorized browsing and leaks of document data.

・User authentication in conjunction with access restriction to certain functions
User authentication can be carried out by password input or by using authentication devices such as ID card readers. You can limit which user can access each of these functions.
*1 A separate authentication device such as an IC card reader is required.

・Logging and auditing
You can keep a record of print, copy, scan, fax transmission/reception, and configuration changes, which can all be stored in an audit log on the device.
Regular review of the audit log allows for early detection of any unauthorized use and follow-up investigation after occurrence of any security-related incidents.

Some models do not support these features.
For detailed information, please consult your sales representative.

Initiatives in third-party evaluation of product security

At Epson, we involve independent third-party organizations in the product security assessment to objectively verify the security functions of our products. At the same time, we also strive to predict potential future risks and introduce improvements to prevent them.

ISO15408/IEEE2600.2™
ISO/IEC 15408-certified products comply with IEEE Std. 2600.2™-2009, the international standard for information security. The CCRA certification mark indicates that the product assessment was conducted in accordance with the “Japan Information Technology Security Evaluation and Certification Scheme” and that the assessment results were verified. This certification mark does not guarantee that the product has no vulnerabilities or that it is equipped with all security features necessary to operate within a particular operational environment.
| Certification # | Supplier | TOE Name for Overseas | Certification Date | Conformance Claim/PP | Recognized By |
|---|---|---|---|---|---|
| C0728 | Seiko Epson Corp. | EPSON LX-10020M/WF-M21000 | 2021-08 | PP (U.S. Government Protection Profile for Hardcopy Devices Version 1.0 (IEEE Std. 2600.2™-2009)) | |
| C0700 | Seiko Epson Corp. | EPSON LX-10050MF/LX-10050KF/LX-7550MF/LX-6050MF/WF-C21000/WF-C20750/WF-C20600 | 2021-01 | PP (U.S. Government Protection Profile for Hardcopy Devices Version 1.0 (IEEE Std. 2600.2™-2009)) | |
| C0602 | Seiko Epson Corp. | LX-10000F/LX-7000F/WF-C20590/WF-C17590 2.00 | 2018-06 | PP (U.S. Government Protection Profile for Hardcopy Devices Version 1.0 (IEEE Std. 2600.2™-2009)) | |
| C0803 | Seiko Epson Corp. | EPSON LM-C6000/LM-C5000/LM-C4000/AM-C6000/AM-C5000/AM-C4000 | 2023-12 | PP (U.S. Government Protection Profile for Hardcopy Devices Version 1.0 (IEEE Std. 2600.2™-2009)) | |
| C0832 | Seiko Epson Corp. | EPSON LM-C400 / AM-C550 / AM-C400 with FAX 1.00 | 2024-11-19 | U.S. Government Approved Protection Profile - U.S. Government Protection Profile for Hardcopy Devices Version 1.0 (IEEE Std. 2600.2™-2009) | |

IoT Security Validation Testing Program
This means that the product has passed the “Device Penetration” testing under the “IoT Security Validation Testing Program” conducted by Keypoint Intelligence - BLI (Buyers Lab), an independent assessment agency in the United States.
Not all models have this certification.
https://keypointintelligence.com/security-validation

BMSec (only within Japan)
This means that the product security complies with the “Business Machine Security Program” (BMSec) scheme developed by the JBMIA (Japan Business Machine and Information System Industries Association).

Not all models have this certification.

To ensure security when using our products

Before using the device, you must change the default factory configuration settings to suit your environment. In particular, make sure to implement the appropriate security measures related to the administrator passwords, internet connection, and wireless LAN network connection settings.

Administrator passwords

We highly recommend configuring individual passwords for each administrator user during the initial device set-up. If you keep the default factory settings or do not set the administrator passwords, there will be a risk of unauthorized access and modification of the configurations and data stored in the device. There will also be a risk of leaking IDs, passwords, personal information from the address book, and confidential information.

Connecting to the internet

Do not connect printers, multifunctional printers and scanners directly to the internet. Instead, install them within a firewall-protected network. We also recommend setting up a private IP address. If you connect printers, multifunctional printers and scanners to the internet directly, your networks may become subject to unexpected security risks, such as unauthorized data manipulation and leaks.

Wireless LAN networks

When using wireless LAN networks, make sure to implement the appropriate security measures.
Wireless LAN exchanges data with computers and smartphones using radio waves, so the network can be accessed freely from anywhere within reach of the radio waves. However, if you do not properly configure the security settings, the transmitted data may be intercepted and accessed without authorization by a malicious third party.

Security software

Reduces the security risks associated with leaving printed documents unattended.
01
Issue

Printed documents were accidentally left unattended next to the printer. As a result, important information was exposed to a third party.

02
Proposed solution

Epson Print Admin / Epson Print Admin Serverless

Require authentication using an IC card to ensure the printing is done in the presence of an authorized person

03
Implementation results

Because the print command is performed after the authentication has been carried out in front of the multi-functional printer (MFP), this helps prevent leaving the printed documents unattended.

Since an authorized person is present during printing, this prevents the documents from being mistakenly taken away by a third party.

Authenticated printing flow
Reduce security risks by limiting access to a selected number of users.
01
Issue

There is a risk of information leaks when people use functions unrelated to their duties.

Having employees on different types of contracts risks internal documentation leaks.

02
Proposed solution

Epson Print Admin / Epson Print Admin Serverless

Limit the operation of multi-functional printers (MFPs) to registered users

03
Implementation results

Limiting access to selected MFP functions for registered users can prevent leaks by reducing inappropriate MFP operations.


Bulk firmware update

Use the latest firmware versions for the safety and security of your devices.

01
Issue

Concerns related to device security risks and vulnerabilities. How to make sure that the device firmware is up to date to prevent security threats.

02
Proposed solution

Epson Device Admin

Whenever there is a need for a firmware update for any Epson printers, multifunctional printers and scanners, it can be done automatically.

03
Solution

You can remotely check and update the firmware on all devices. We offer an environment that allows you to identify the devices that require an update, keeping all your device firmware up to date so that you can safely use your devices and be protected from security threats.


Please consult your sales representative for information regarding supported models.
