Secure Installation and Operation of Your WorkCentre
®
4265
Purpose and Audience
This
supplemental guide provides information on the secure installation and operation of a WorkCentre 4265 Multifunction
System. All customers, but particularly those concerned with secure installation and operation of the machines, should follow
these guidelines.
Overview
This document lists some important customer information and guidelines that will ensure that your WorkCentre 4265 device is
operated and maintained in a secure manner.
Background
Customers are advised that changes to the evaluated configuration may be required to support business goals and for these
devices are currently undergoing Common Criteria evaluation and are evaluated in a particular configuration, referred to in the
rest of this document as the “evaluated configuration”. Section 1 describes how to install and configure the machine so that it
is in the same configuration as it is for evaluation.
Customers are advised that changes to the evaluated configuration may be required to support business goals and for
compliance with policies applicable to their environment
1
. After careful review of this document, customers should document
settings to be applied to devices in their environment establishing a unique benchmark configuration to support processes such
as installation, change management and audit. Xerox Professional Services, which can be contacted via
http://www.xerox.com/about-xerox/customer-training/tab1-ab-enus.html
, can assist in evaluating and configuring these
devices.
The information provided here is consistent with the security functional claims made in the Security Target
2
. Upon completion
of the evaluation, the Security Target will be available from the Common Criteria Certified Product website
(
http://www.commoncriteriaportal.org/products.html
) list of evaluated products, from the Xerox security website
(http://www.xerox.com/information-security/common-criteria-certified/enus.html ), or from your Xerox representative.
I.
Secure Installation and Set-up in the Evaluated Configuration
To set up the machines in the evaluated configuration, follow the guidelines below:
a.
Set up and configure the following security protocols and functions in the evaluated configuration:
Immediate Image Overwrite (IIO)
On Demand Image Overwrite (ODIO)
Data Encryption
FIPS 140-2 Mode
IP Filtering
Audit Log
Security Certificates, Transport Layer Security (TLS)/Secure Sockets Layer (SSL) and HTTPS
Local, Remote or Smart Card Authentication
Local or Remote Authorization
Personalization
802.1x Device Authentication
Session Inactivity Timeout
USB Port Security
Software Verification Self-Test
Secure Print
System Administrator login is required when accessing the security features via the Web User Interface (Web UI) or when
implementing the guidelines and recommendations specified in this document. To log in to the Web UI or Local User
Interface (denoted hereafter in this document as the Control Panel) as an authenticated System Administrator, follow the
instructions under “Accessing CentreWare Information Services as a System Administrator” or “Accessing the Control Panel
as a System Administrator”, respectively, under “Accessing Administration and Configuration Settings” in Section 2 of the
applicable System Administration Guide (SAG)
3
.
b.
Follow the instructions located in the SAG in Chapter 4, Security to set up the security functions listed in Item a above. Note
that whenever the SAG
requires that the System Administrator provide an IPv4 address, IPv6 address or port number the
1
For example, if the customer security policy requires that passwords are reset on a quarterly basis, the Reset Policy for the Admin Password will
need to be enabled. Also, many customers choose to manage user credentials centrally, rather than on individual devices through local
authorization.
2
Xerox Multi-Function Device Security Target WorkCentre 4265, Latest Version issued
3
Xerox
WorkCentre
4265 Multifunction Printer System Administrator Guide, Version 1.0: October 2014.
