3
immediately by the System Administrator) from the Web UI; follow the instructions for ‘Scheduling Routine Deletion of
Image Data’ under Overwriting Image Data in Section 4 of the SAG to enable a scheduled On Demand Image
Overwrite from the Web UI.
Note:
Depending on how many files are being deleted, the printer can be offline for up to 60 minutes during the
deletion process.
Manual On Demand Image Overwrite is not enabled by default at the factory when the device is first delivered.
7.
Security Certificates
: Install a digital certificate on the device before enabling SSL by following the appropriate
instructions under “Security Certificates” in in Section 4 of the SAG for installing any one of the digital certificates
(Device Certificate, CA Certificate or Trusted Certificate) the device supports.
Note that a Xerox self-signed certificate is installed by default on the device. If a CA certificate is desired a Certificate
Signing Request (CSR) will have to be sent to a Certificate Authority to obtain the CA Certificate before it can be
installed on the device; follow the instructions for “Creating a Certificate” under “Security Certificates” in Section 4 of
the SAG to create the CSR.
8.
Transport Layer Security (TLS)/Secure Sockets Layer (SSL)
:
i.
Follow the instructions under ‘Configuring DNS Settings the Control Panel’ or ‘”IPV4” under “Configuring IP Settings
in CentreWare Internet Services” in Section 3 of the SAG for entering the host and domain names, to assign the
machine a valid, fully qualified machine name and domain from the Control Panel or the Web UI, respectively
(required for TLS/SSL to work properly).
ii.
Enable HTTPS by following the instructions for “Enabling HTTPS (SSL)” under “Secure HTTP (SSL)” in Section 4 of
the SAG.
iii.
Disable SSLv3.0 in favor of TLS v1.x to avoid vulnerabilities associated with downgrading from TLS to SSLv3.0.
9.
FIPS 140-2 Mode
: Encryption of transmitted and stored data by the device must meet the FIPS 140-2 Standard. Enable
the use of encryption in “FIPS 140 mode” and check for compliance of certificates stored on the device to the FIPS 140-
2 Standard by following the instructions for “Enabling FIPS 140 Mode and Checking for Compliance” in Section 4 of the
SAG.
10.
Data Encryption
: Data encryption is enabled by default on the device and there is no mechanism to disable data
encryption from either the Control Panel or Web UI.
11.
IP Filtering
: Enable and configure IP Filtering to create IP Filter rules by following the instructions under “IP Filtering” in
Section 4 of the SAG.
Note that IP Filtering will not work if IPv6 is used instead of IPv4.
Note also that a zero (‘0’) should be used and not an asterisk (‘*’) if a wildcard is needed for an IP address in an IP Filter
rule.
12.
Audit Log
: Enable the audit log, download the audit log .txt file and then save it in a compressed file on an external IT
product using the Web UI by following the appropriate instructions under “Audit Log” in Section 4 of the SAG. Note
that HTTPS needs to be enabled in order to download the audit log.
In downloading the Audit Log the System Administrator should ensure that Audit Log records are protected after they
have been exported to an external trusted IT product and that the exported records are only accessible by authorized
individuals.
The System Administrator should download and review the Audit Log on a daily basis.
There is the possibility that on an intermittent basis multiple entries may be included in the audit log for the same
event.
13.
Session Inactivity Timeout
: Enable the session inactivity timers (termination of an inactive session) from the Web UI
by following the instructions for “Setting System Timeout Values” or from the Control Panel by following the
instructions for “Setting the System Timeout Values at the Control Panel”, both under System Timeout in Section 4 of
the SAG.
14.
Secure Print
: Set the Secure Print passcode length by following the instructions under “Configuring Secure Print
Settings” in Section 5 of the SAG.
For best security print jobs (other than LANFax jobs) submitted to the device from a client or from the Web UI should
be submitted as a secure print job.
Once a secure print job has been submitted the authenticated user can either release the job for printing at the Control
Panel by following the instructions under ”Releasing a Secure Print” under “Printing Special Job Types” under “Printing
