Xerox® Security Guide for Entry Production Color Class Products
March 2019 Page 1-1
Table of Contents
1 INTRODUCTION ................................................................................................................................ 1-3
PURPOSE ................................................................................................................................................. 1-3
TARGET AUDIENCE ................................................................................................................................... 1-3
DISCLAIMER .............................................................................................................................................. 1-3
PHYSICAL COMPONENTS ........................................................................................................................... 1-3
ARCHITECTURE ......................................................................................................................................... 1-4
USER INTERFACE ...................................................................................................................................... 1-4
SCANNER ................................................................................................................................................. 1-4
MARKING ENGINE ..................................................................................................................................... 1-4
CONTROLLER ........................................................................................................................................... 1-5
OPTIONAL EQUIPMENT .............................................................................................................................. 1-5
2 USER DATA PROTECTION .............................................................................................................. 2-7
USER DATA PROTECTION WHILE WITHIN PRODUCT ...................................................................................... 2-7
USER DATA IN TRANSIT ............................................................................................................................. 2-8
3 NETWORK SECURITY .................................................................................................................... 3-10
TCP/IP PORTS & SERVICES .................................................................................................................... 3-10
NETWORK ENCRYPTION .......................................................................................................................... 3-11
NETWORK ACCESS CONTROL .................................................................................................................. 3-16
CONTEXTUAL ENDPOINT CONNECTION MANAGEMENT ............................................................................... 3-17
FIPS140-2 COMPLIANCE VALIDATION...................................................................................................... 3-17
ADDITIONAL NETWORK SECURITY CONTROLS .......................................................................................... 3-17
4 DEVICE SECURITY: BIOS, FIRMWARE, OS, RUNTIME, AND OPERATIONAL SECURITY
CONTROLS ............................................................................................................................................. 4-19
FAIL SECURE VS FAIL SAFE..................................................................................................................... 4-19
PRE-BOOT SECURITY.............................................................................................................................. 4-20
BOOT PROCESS SECURITY ...................................................................................................................... 4-20
RUNTIME SECURITY ................................................................................... ERROR! BOOKMARK NOT DEFINED.
EVENT MONITORING & LOGGING ............................................................................................................. 4-20
OPERATIONAL SECURITY ......................................................................................................................... 4-21
BACKUP & RESTORE (CLONING) .............................................................................................................. 4-21
EIP APPLICATIONS .................................................................................................................................. 4-21
5 CONFIGURATION & SECURITY POLICY MANAGEMENT SOLUTIONS ..................................... 5-22
6 IDENTIFICATION, AUTHENTICATION, AND AUTHORIZATION .................................................. 6-23
AUTHENTICATION .................................................................................................................................... 6-23
AUTHORIZATION (ROLE BASED ACCESS CONTROLS) ................................................................................ 6-25
7 ADDITIONAL INFORMATION & RESOURCES .............................................................................. 7-26
SECURITY @ XEROX® ............................................................................................................................ 7-26
RESPONSES TO KNOWN VULNERABILITIES ............................................................................................... 7-26
ADDITIONAL RESOURCES ........................................................................................................................ 7-26
APPENDIX A: PRODUCT SECURITY PROFILES ................................................................................ 7-27
VERSANT® 80/180 ................................................................................................................................ 7-28
VERSANT® 2100/3100 ........................................................................................................................... 7-31