• Deselect [Allow access to job log data].
z). The Admin Password Reset security feature should be disabled to be consistent with the evaluated configuration. To disable
this feature from the Web UI:
• Select the Properties tab.
• Select the following entries from the Properties ‘Content menu’: Security → Admin Password → Reset Policy tab.
• Select the [Disable Password Reset] button.
• Select the [Apply] button. This will disable the Admin Password Reset feature.
aa). The Custom Services (Extensible Interface Platform or EIP) feature should be disabled to be consistent with the evaluated
configuration. To disable this feature from the Web UI:
• Select the Properties tab.
• Select the following entries from the Properties ‘Content menu’: Connectivity → Protocols → HTTP → Web Services
tab.
• Make sure that the [Enable] checkbox associated with the Extensible Service Registration entry under Remote System
Management is not selected.
• Select the [Apply] button. This will ensure that Custom Services are disabled on the device.
bb). Network Accounting and Auxiliary Access should both be disabled to be consistent with the evaluated configuration. To
disable Network Accounting and Auxiliary Access from the Local UI:
• Select the [Machine Status] tab and then the [Tools] button. This will access the Tools Pathway.
• Select the following buttons from the Tools Pathway: Accounting Settings → Accounting Mode.
• Make sure that neither the [Network Accounting] button nor the [Auxiliary Access] button is selected. From a security
perspective it does not matter whether the [None] or the [Xerox Standard Accounting] option is selected.
• Select the [Save] button. This will ensure that Network Accounting and Auxiliary Access are both disabled on the device.
cc). In the evaluated configuration for embedded fax Xerox strongly recommends that the Secure Receive option be enabled⁶,
that the Local Polling option be disabled and that embedded fax mailboxes be used whenever practical to store fax jobs.
• To enable Secure Receive from the Local UI follow the instructions under “Enabling or Disabling the Secure Fax Feature”
on page 122 of the SAG. Make sure that the [Enable] button is selected.
• Local Polling should be disabled in the evaluated configuration. To disable Local Polling from the Local UI follow the
instructions for Steps 1, 2 and 5 under “Storing a Fax for Remote Polling” on pages 127-128 of the SAG. Make sure that
the Local Polling option is set to [Off] (which is the default setting) on the Local Polling screen.
• To set up Embedded Fax mailboxes from the Local UI follow the instructions under “Fax Mailboxes” starting on page
124 of the SAG. Make sure that the passcode selected for a newly created mailbox is not the default value of ‘0000’.
• The Mailbox and Polling Policy should be set to delete received faxes when they are printed. To set the Mailbox and
Polling Policy follow the instructions under “Defining Mailbox and Polling Policies” on page 129 of the SAG. Make sure
the ‘Delete on Print’ option is selected.
dd). Xerox strongly recommends that any print job submitted to the device from a client or from the WebUI be submitted as a
secure print job.
ee). To maintain the certified configuration, Xerox recommends that acceptance of customer software upgrades via the network
be disabled. To disable software upgrades via the network from the WebUI:
• Select the Properties tab.
• Select the following entries from the Properties ‘Content menu’: General Setup → Machine Software → Upgrades.
• Make sure that the [Enable] checkbox associated with the Upgrades entry is not selected.
• Select the [Apply] button. This will ensure that software upgrades via the network are disabled on the device.
ff). Change the Administrator password as soon as possible. Reset the Tools password periodically.
Xerox recommends that you (1) set the Administrator password to a minimum length of eight alphanumeric characters, (2)
change the Administrator password once a month and (3) ensure that all passwords are strong passwords (e.g., passwords
use a combination of alphanumeric and non-alphanumeric characters; passwords don’t use common names or phrases,
etc.).
For directions on how to change the Tools password, follow the “Changing the System Administrator Password” instructions
on page 17 in the SAG.
⁶ This will apply to any received fax, including faxes that are remotely polled to the device from another remote fax machine or remote device.