2
In setting up the device to be in the evaluated configuration, perform the following
3
:
1.
Authentication Passwords
:
Authentication passwords for unique user accounts established for all users and System Administrators should be set
by the System Administrator to a minimum length of 8 alphanumeric characters unless applicable internal procedures
the System Administrator must comply with require a minimum password of a greater length (the minimum length
can be set to any value between 1 and 63 alphanumeric characters). Authentication passwords should always be
strong passwords by using a combination of upper case and lower case letters, digits, and allowable special characters
(“!”, “@”, “#”, “$”, “%”, “^”, “&”, “*”, “(“, “)”, and other printable ISO 8859-15 set and Unicode/UTF-8 set characters
except “>”), not use common names or phrases, etc.
The ‘maximum length’ can be set to any value between 8 and 63 (alphanumeric) characters consistent with the same
internal procedures. Follow the instructions for “Configuring Password Rules” under “Setting Parameters for Login,
Logout and Passwords” in Section 4 of the SAG to set both the minimum and maximum user authentication password
lengths.
2.
Administrator Password
:
i.
Change the Administrator password upon installation. Reset the Administrator password periodically. Change
the Administrator password once a month. To change the Administrator password follow the instructions under
“Changing the System Administrator Password” in Section 2 of the SAG.
3.
Authentication
:
i.
Establish local authentication at the device via the Web UI by following the “Setting the Local Login Method”
instructions in Section 4 of the SAG.
Set up unique user accounts with appropriate credentials (user names and passwords) on the device for all users
who require access to the device via the Control Panel or Web UI by following the “User Database” instructions
in Section 4 of the SAG.
ii.
Establish network (remote) authentication access to network accounts from the Web UI by following the
“Setting the Network Login Method” instructions in Section 4 of the SAG to set up an Authentication Server. For
the most secure network authentication, the preferred authentication types are
Kerberos
or
LDAP
.
When configuring network authentication using LDAP/LDAPS, make sure SSL is enabled for LDAP by following
the instructions for enabling SSL for LDAP in “Configuring Settings for SSL/TLS” under “Managing Settings for
SSL/TLS” in Section 4 of the SAG.
iii.
Establish user authentication via a Smart Card and smart card reader by following the “Setting the Smart Card
Login Method” instructions in Section 4 of the SAG.
Note that there is one other authentication methods available on the device – Convenience Authentication. Although
local, network and smart card authentication are the preferred authentication methods, if use of Convenience
Authentication is desired follow the “Setting the Convenience Authentication Method” instructions in Section 4 of the
SAG to set up Convenience Authentication.
4.
Authorization
:
i.
Establish authorization at the device by following the “Configuring Authorization Settings” instructions in
Section 4 of the SAG.
When adding new device and print user roles, follow the instructions for “Adding a New Device User Role” and
“Creating a Customer Print User Role”, respectively, under “Configuring Authentication Settings” in Section 4 of
the SAG. Follow the applicable instructions under “Configuring Authentication Settings” to copy, edit or delete a
device user or print user role.
To add users to a device user or print user role, follow the instructions for “Adding Members to a Role” under
“Configuring Authentication Settings” in Section 4 of the SAG.
ii.
For secure operation of the device, set the permission for all Guest Access (see “Roles and Level of Access” under
“Configuring Authentication Settings” in Section 4 of the SAG) to
No Access
for Control Panel Permissions and
3
The instructions for setting up the device in the Evaluated Configuration assume that the System Administrator has been successfully
authenticated as a System Administrator at either the Control Panel or Web UI following the instructions in section I.a of this document.
