Settings” under “Scanning to an Email Address” in Section 7 of the SAG. Set the ‘Email Encryption Enablement’
option to Always On; Not Editable by user.
• Configure encryption of Scan to Email jobs sent from the device over SMTP by following the instructions for
“Configuring SMTP Connection Encryption Settings” under “SMTP” in Section 3 of the SAG. Set the ‘Email
Signing Enablement’ option to Always On; Not Editable by user.
• Configure authentication of SMTP to send Scan to Email jobs or to forward received Embedded Faxes via email
by following the instructions for “Configuring SMTP Authentication Settings” under “SMTP” in Section 3 of the
SAG.
6. Workflow Scanning:
• When configuring workflow scanning file repositories (see “Configuring File Repository Settings” under
“Workflow Scanning’ in Section 7 of the SAG) or template pool repositories (see “Configuring Template Pool
Repository Settings” under “Workflow Scanning’ in Section 7 of the SAG) set the transfer protocol to be either
HTTPS or SFTP.
d. The following features and protocols are not included in the evaluated configuration:
• Reprint from Saved Job
• SMart eSolutions
• Custom Services (Extensible Interface Platform or EIP)
• Network Accounting and Auxiliary Access
• Internet Fax
• Use of Embedded Fax mailboxes
• NTP
• USB Direct Printing
• AppleTalk and Novell IPX protocols
• Web Services
• McAfee
®
Embedded Control (a ConnectKey feature)
• Remote Control Panel (a ConnectKey feature)
e. Customer software upgrades via the network are not allowed as part of the evaluated configuration. System software
upgrades are disabled by default to prevent unauthorized replacement of the system software. Administrators should
only enable software upgrades when performing an upgrade, and software upgrades disable when complete. Software
upgrades can be enabled/disabled by following the instructions for ‘Enabling Upgrades’ under ‘Updating the Printer
Software’ in Section 10 of the SAG.
II. Secure Acceptance:
Secure acceptance, once device delivery and installation is completed, should be done by:
• Printing out a Configuration Report from the Web UI by following the “Printing the Configuration Report” instructions
under “Initial Setup in CentreWare Internet Services” in Section 2 of the SAG, or from the Control Panel by following the
“Configuration Report” instructions under “Configuration Page” in Section 3 of the SAG.
• Comparing the software/firmware versions listed on the Configuration Report with the Evaluated Software/Firmware
versions listed in Table 2 of the Xerox Multifunction Device Security Target WorkCentre 5845, 5855, 5865, 5875, 5890,
7220, 7225, 7830, 7835, 7845, 7855, 7965, 7975 & ColorQube 9301, 9302, 9303, latest version issued and make sure
that they are the same in all cases.
• Following internal customer policies and procedures required to evaluate and install devices in your environment.
III. Secure Operation of Device Services/Functions Part of the Evaluated Configuration
a. Change the following passcodes on a regular basis, chosen passcodes to be as random as possible and set them to the
indicated minimum lengths:
• Smart Card or CAC passcode – 8 characters (alphanumeric)
• Secure Print passcode – 6 digits
• (Embedded Fax) Secure Receive passcode – 6 digits
• Scan To Mailbox password – 8 characters (alphanumeric)
Passcodes for Scan-to-Mailbox mailboxes should be selected to be as random as possible and should be changed on a
regular basis, consistent with applicable internal policies and procedures.
b. Authentication passwords for unique user accounts established for users should be set to a minimum length of 8
(alphanumeric) characters unless applicable internal procedures the System Administrator must comply with require a
To Next Page
Loading...
