Xerox® Security Guide for Entry Production Color Class Products
March 2019 Page 3-17
o Prevent impersonation (aka spoofing) of a printer/MFP
o Automatically prevent connection of non-approved print products
o Smart rules-based policies to govern user interaction with network printing products
Provide simplified implementation of security policies for printers and MFPs by:
o Providing real time policy violation alerts and logging
o Enforcing network segmentation policy
o Isolating the printing products to prevent general access to printers and MFPs in
restricted areas
Automated access to policy enforcement
Provide extensive reporting of printing product network activity
Versant 80 Press, Versant
180 Press
Versant 2100 Press,
Versant 3100 Press
Color 800/1000 Presses,
Color 800i/1000i Presses
Contextual Endpoint Connection Management
Traditionally network connection management has been limited to managing endpoints by IP address and
use of VLANs and firewalls. This is effective, but highly complex to manage for every endpoint on a
network. Managing, maintaining, and reviewing the ACLs (and the necessary change management and
audit processes to support them) quickly become prohibitively expensive. It also lacks the ability to
manage endpoints contextually.
Connectivity of Versant® and ColorPress® devices can be fully managed contextually by Cisco
TrustSec. TrustSec uses Security Group Tags (SGT) that are associated with an endpoint’s user, device,
and location attributes. SG-ACLs can also block unwanted traffic so that malicious reconnaissance
activities and even remote exploitation from malware can be effectively prevented.
FIPS140-2 Compliance Validation
When enabled, the product will validate its current configuration to identify cryptographic modules in use.
Modules which are not FIPS 140-2 (Level 1) compliant will be reported.
Versant® products include FIPS compliant algorithms of Kerberos, however an exception can be
approved to run these in non-FIPS compliant mode when configured for non-FIPS algorithms.
Versant® products use encryption algorithms for Kerberos, SMB, and PDF Direct Print Service that are
not approved by FIPS140-2. They can however operate in FIPS140-2 approved Mode in order to
maintain compatibility with conventional products after an exception is approved by a system
administrator. They do not use FIPS compliant algorithms when in this configuration.
Additional Network Security Controls
Additional network security controls are discussed in the following sections.
Endpoint Firewall Options
Versant 80 Press, Versant
180 Press
Versant 2100 Press,
Versant 3100 Press
Color 800/1000 Presses,
Color 800i/1000i Presses
To Next Page
Loading...
