Xerox D Series User Manual

Discloses information for Xerox Copier/Printer products regarding product security.

Xerox field personnel and customers concerned with IT security.

Information provided without warranty; Xerox not liable for damages from use or disregard.

Describes the common architecture of Legacy and D-Series Copier/Printer products.

Describes the interface for user interaction and configuration management.

Explains how the scanner converts documents from hardcopy to electronic data.

Details the components responsible for paper feeding, image marking, fusing, and finishing.

Manages document processing, network functions, and I/O communications.

Describes optional components like Fax, NFC Reader, Smart Card, Foreign Product Interface.

Details security controls protecting user data resident within the product.

Explains AES-256 encryption for data processing and storage.

States that Legacy and D-Series products do not contain a TPM chip.

Describes secure erasure methods compliant with NIST SP 800-88 Rev1.

Explains the IIO feature for automatic overwriting of temporary files.

Focuses on protecting data submitted to or sent from the product.

Details secure transmission of print jobs using IPPS (TLS) and Xerox Print Stream Encryption.

Covers secure scanning to external locations via HTTP, FTP, SMB, SMTP.

Describes scan data transfer to USB, noting filesystem encryption is not supported.

Discusses Xerox App Gallery security, noting it's beyond document scope.

Overview of inbound/outbound communications and supported ports.

Details encryption protocols like IPSec for secure packet-level communication.

Specifies IPSec support for IPv4/IPv6, authentication methods, and transport modes.

States that products do not offer a wireless network connector option.

Confirms support for TLS 1.2 across various product interfaces.

Explains digital certificates, their data, and types used for identity verification.

Details support for CA signed and self-signed certificates, including bit length and hashes.

Describes importing public certificates for validation of external products.

Covers configurable checks for OSCP, CRL, path, expiration, and trusted CA.

Details S/MIME for email authentication, integrity, non-repudiation, and encryption.

Explains SNMPv3 security features: message integrity, authentication, and encryption.

Describes 802.1X authentication for product connection to network authenticator.

Details Cisco ISE's role in security policy enforcement and Xerox product profiling.

Discusses managing endpoints contextually using Cisco TrustSec and SG-ACLs.

Explains product validation of cryptographic modules for FIPS 140-2 compliance.

Indicates further network security controls are discussed in following sections.

Describes IP Whitelisting support for IPv4/IPv6, allowing specific addresses.

States that stateful packet inspection is not supported.

Details BIOS inaccessibility, secure modification via signed firmware, and fail-secure design.

Explains AES encryption of configuration settings and user data with unique keys.

Covers firmware integrity verification using digital signatures and whitelists.

Highlights the Audit Log feature for recording security-related events.

Covers firmware delivery methods (USB, Network, Remote Services) and access controls.

Allows creation of an independent password for service technicians.

Explains service procedures, isolation from networks, and secure connections.

Describes capturing system settings in 'clone' files for deployment to similar systems.

Discusses Xerox Extensible Interface Platform (EIP) and preventing unauthorized app installation.

Covers single and multi-factor authentication modes supported by products.

Details using the local user database for credential validation and feature authorization.

Defines configurable password attributes like minimum length and complexity.

Explains validation of user credentials by remote servers for network authentication.

Describes 802.1X authentication process for product connection to the LAN port.

Details two-factor security using Smart Cards, reader hardware, and plugins.

Covers third-party solutions for authentication via identification cards or key fobs.

Describes simple authentication for environments where it's not required, for customization only.

Explains granular control of user permissions via RBAC and ACLs.

Discusses viewing basic info remotely and restricting access to device website pages.

Covers viewing basic info locally and restricting access to device settings.

Details SMB authentication methods like NTLMv2, NTLMv1, LM, and PLAIN.

Explains LDAP authentication modes (Direct Login, Search & Login) and risks.

Details authentication via secure channel using Secure Access Authentication server and TLS.

Provides a link to Xerox's evergreen public web page for the latest security information.

Details the Xerox Vulnerability Management and Disclosure Policy.

Lists various security resources like FAQs, certified products, and update bulletins.

Provides physical overview and security details for Legacy EPS printer models.

Details interfaces and their security implications for printers.

Covers AES-256 encryption and Media Sanitization for printers.

Provides physical overview and security details for Legacy Copier/Printer models.

Details interfaces and their security implications for copier/printers.

Covers AES-256 encryption and Media Sanitization for copier/printers.

Provides physical overview and security details for D-Series models.

Details interfaces and their security implications for D-Series.

Covers AES-256 encryption and Media Sanitization for D-Series.

Details storage types for user data and configuration on D-Series controllers.

Lists D-Series controller HDD partitions, size, and clearing process.

Lists D-Series controller volatile memory types and their clearing/volatility.

Lists security events for Xerox Legacy products, including ID, Event, and Description.

Lists security events for D-Series products, including ID, Event, and Description.