Xerox® Security Guide for Entry Production Color Class Products
March 2019
Page 4-19
Device Security: BIOS, Firmware, OS, Runtime, and
Operational security controls
Versant® and ColorPress® products have robust security features that are designed to protect the
system from a wide range of threats. Below is a summary of some of the key security controls.
Pre-Boot BIOS Protection
BIOS
The BIOS is inaccessible and cannot be cleared or reset.
The BIOS can only be modified by a firmware update, which is digitally signed.
BIOS will fail secure, locking the system if integrity is compromised.
Embedded Encryption
Configuration Settings (including security settings) and User Data are encrypted by AES.
Each device is encrypted using its own unique key.
Boot Process Integrity
Firmware Integrity & Verification
Firmware is digitally signed.
Firmware is verified against a whitelist using cryptographic hashing.
Event Monitoring & Logging
The Audit Log feature records security-related events.
Continuous Operational Security
Firmware and Diagnostic Security Controls
Firmware installation controls limit who can install firmware and from where.
Customer defined service technician (CSE) restrictions add an additional layer of protection to
prevent unauthorized access and/or modification of Versant® and ColorPress® products.
Continuous logging
Fail Secure Vs Fail Safe
Versant® and ColorPress® products are designed to fail secure.
When a security control is compromised, the control is no longer trustworthy, and a system is at risk of
further compromise. In such a scenario, security products may either fail safe [open] or fail secure
[closed].
An example from physical security is a door. If power is lost the door may either:
Unlock and
‘fail safe’ to an open state likely for safety reasons (such as in a public building).
Lock and
‘fail secure’ for security reasons (such as a bank vault).