2
For directions on how to change the Tools password, follow the “Changing the System Administrator Password” instructions
on page 19 in the SAG.
The evaluated configuration assumes that the Admin Password Reset security feature will be disabled and not used. To
disable this feature, perform the following:
•
At the Web UI select the
Properties
tab.
•
Select the following entries from the
Properties
'
Content
menu’:
Security
Admin Password
Reset Policy
•
Select the [
Disable Password Reset
] option and then select the [
Apply
] button to save the option entered.
d).
The System Administrator should establish or ensure that unique user accounts with appropriate privileges are created for
all users who require access to the device, that no ‘Guest’ users are allowed to access any services on the device, and that
local usernames established on the device match domain names and both map to the same individual. Follow the “User
Database” instructions starting on page 60 in the SAG to set up local user accounts on the device.
The System Administrator should also ensure that authentication passwords for unique user accounts established for users
should be set to a minimum length of 8 (alphanumeric) characters unless applicable internal procedures the System
Administrator must comply with require a minimum password of a greater length. The ‘Maximum Length’ can be set to any
value between 8 and 63 (alphanumeric) characters consistent with the same internal procedures.
Follow the “Specifying Password Requirements” instructions on page 61 in the SAG to set the minimum and maximum user
authentication password lengths.
e).
Xerox recommends the following passcodes be changed on a regular basis, chosen to be as random as possible and set to
the indicated minimum lengths:
•
Smart Card or CAC passcode – 8 characters (alphanumeric)
•
Secure Print passcode – 6 digits
•
Scan To Mailbox password – 8 characters (alphanumeric)
f).
For establishing remote authentication access to network accounts follow the “Configuring Network Authentication
Settings” instructions starting on page 61 of the SAG to set up an Authentication Server. Follow the “Configuring Smart
Authentication Settings” instructions starting on page 64 of the SAG to set up user authentication via a Smart Card. Note
that CAC is the only type of Smart Card supported in the evaluated configuration.
g).
The System Administrator should ensure that no authenticated user is assigned the Accounting Administrator role.
h).
In the evaluated configuration only the System Administrator should have the ability to delete a job. From the Local UI
follow the instructions for “Setting Job Deletion Options at the Control Panel” on page 198 of the SAG to set job deletion to
‘System Administrator Only’.
From the WebUI, set the permission for ‘Delete Jobs’ under the ‘Job Status Pathway’ to “Not Allowed” for all roles defined
other than System Administrator. Follow the instructions for “Editing an Authenticated User Role” on page 74 of the SAG.
i).
In the evaluated configuration the System Administrator should ensure that access to all pathways and services is set to
“Not Allowed” for all defined roles so that they can be accessed only by authenticated users. Follow the instructions in the
‘Editing Services and Tools Permissions for the Non-Logged In Users Role’ section on page 72.
j).
All print, copy, workflow scan, scan to email, LANFax and Embedded Fax jobs (both send and receive) are temporarily stored
on the hard disk drive. For customers concerned about these document files stored on the hard disk drive the Immediate
Image Overwrite (IIO) and On Demand Image Overwrite (ODIO) security features, which come installed on the device, must
be properly configured and enabled. Two forms of On Demand Image Overwrite are manually invoked – a Standard On
Demand Image Overwrite that will overwrite all image data except data stored by the Reprint Save Job feature and data
stored in Embedded Fax dial directories and mailboxes and a Full On Demand Image Overwrite that will overwrite all image
data including data stored by the Reprint Save Job feature and data stored in Embedded Fax dial directories and mailboxes.
Please follow the “Manually Deleting Image Data” instructions starting on page 99 in the
SAG
for proper setup and
initiation of On Demand Image Overwrite from the Web UI and the instructions under ‘Manually Deleting Image Data at
the Control Panel’ on page 99 of the SAG for proper setup and initiation of On Demand Image Overwrite from the Local UI.
Follow the “Scheduling Routine Deletion of Image Data” instructions starting on page 98 in the
SAG
for proper setup and
initiation of a Scheduled On Demand Image Overwrite from the Web UI.
Ensure that the ‘Confirmation Report’ setting is set to “On” when setting up either a manual or scheduled ODIO so that a
Confirmation Report will always print upon completion of an ODIO.
Follow the instructions under ‘Enabling Immediate Image Overwrite the Control Panel’ or ‘Enabling Immediate Image
Overwrite’ on page 100 of the SAG to enable Immediate Image Overwrite from the control panel or the WebUI,
respectively.
Notes:
