|
Xerox® Security Guide for Entry Production Color Class ProductsMarch 2019 Page 1-1Table of Contents1 INTRODUCTION ................................................................................................................................ 1-3PURPOSE ................................................................................................................................................. 1-3TARGET AUDIENCE ................................................................................................................................... 1-3DISCLAIMER.............................................................................................................................................. 1-3PHYSICAL COMPONENTS ........................................................................................................................... 1-3ARCHITECTURE ......................................................................................................................................... 1-4USER INTERFACE ...................................................................................................................................... 1-4SCANNER ................................................................................................................................................. 1-4MARKING ENGINE ..................................................................................................................................... 1-4CONTROLLER ........................................................................................................................................... 1-5OPTIONAL EQUIPMENT .............................................................................................................................. 1-52 USER DATA PROTECTION .............................................................................................................. 2-7USER DATA PROTECTION WHILE WITHIN PRODUCT ...................................................................................... 2-7USER DATA IN TRANSIT ............................................................................................................................. 2-83 NETWORK SECURITY .................................................................................................................... 3-10TCP/IP PORTS & SERVICES .................................................................................................................... 3-10NETWORK ENCRYPTION .......................................................................................................................... 3-11NETWORK ACCESS CONTROL .................................................................................................................. 3-16CONTEXTUAL ENDPOINT CONNECTION MANAGEMENT............................................................................... 3-17FIPS140-2 COMPLIANCE VALIDATION...................................................................................................... 3-17ADDITIONAL NETWORK SECURITY CONTROLS .......................................................................................... 3-174 DEVICE SECURITY: BIOS, FIRMWARE, OS, RUNTIME, AND OPERATIONAL SECURITYCONTROLS ............................................................................................................................................. 4-19FAIL SECURE VS FAIL SAFE..................................................................................................................... 4-19PRE-BOOT SECURITY.............................................................................................................................. 4-20BOOT PROCESS SECURITY ...................................................................................................................... 4-20RUNTIME SECURITY ................................................................................... ERROR! BOOKMARK NOT DEFINED.EVENT MONITORING & LOGGING ............................................................................................................. 4-20OPERATIONAL SECURITY ......................................................................................................................... 4-21BACKUP & RESTORE (CLONING) .............................................................................................................. 4-21EIP APPLICATIONS.................................................................................................................................. 4-215 CONFIGURATION & SECURITY POLICY MANAGEMENT SOLUTIONS..................................... 5-226 IDENTIFICATION, AUTHENTICATION, AND AUTHORIZATION .................................................. 6-23AUTHENTICATION .................................................................................................................................... 6-23AUTHORIZATION (ROLE BASED ACCESS CONTROLS) ................................................................................ 6-257 ADDITIONAL INFORMATION & RESOURCES .............................................................................. 7-26SECURITY @ XEROX® ............................................................................................................................ 7-26RESPONSES TO KNOWN VULNERABILITIES ............................................................................................... 7-26ADDITIONAL RESOURCES ........................................................................................................................ 7-26APPENDIX A: PRODUCT SECURITY PROFILES ................................................................................ 7-27VERSANT® 80/180 ................................................................................................................................ 7-28VERSANT® 2100/3100 ........................................................................................................................... 7-31
PreviousNext |