![background image](http://html2.mh-extra.com/html/xerox/workcentre-7220/workcentre-7220_information_3331331051.webp)
WorkCentre 7220-7225 Information Assurance Disclosure Paper
Ver. 1.0, January 2013
Page
51 of 61
4.8.
FIPS
4.8.1.
FIPS 140-2 Compliance
You can enable the printer to check its current configuration to ensure that transmitted and stored data is encrypted
as specified in FIPS 140-2 (Level 1). Once FIPS 140 mode is enabled, you can allow the printer to use a protocol or
feature that uses an encryption algorithm that is not FIPS-compliant, but you must acknowledge this in the
validation process. If FIPS mode is enabled, when you enable a non-compliant protocol such as SNMPv3 or NetWare,
a message appears to remind you that the protocol uses an encryption algorithm that is not FIPS-compliant. NOTE:
If you enable FIPS 140-2 Mode it may not be able to communicate with other network devices that use protocols
that do not employ FIPS 140-2 validated algorithms.
When you enable FIPS 140 mode, the printer validates its current configuration by performing the following checks:
•
Validates certificates for features where the printer is the server in the client-server relationship. An SSL
certificate for HTTPS is an example.
•
Validates certificates for features where the printer is the client in the client-server relationship. CA
Certificates for LDAP, Xerox Extensible Interface Platform (EIP 2.0), and Smart eSolutions are examples.
•
Validates certificates that are installed on the printer, but not used. Certificates for HTTPS, LDAP, or SNMPv3
are examples
.
•
Checks features and protocols for non-compliant encryption algorithms. For example, NetWare, SNMPv, and
SMB use encryption algori
t
hms that are not FIPS-compliant.
•
Validates Minimum Certificate Key Length configuration is FIPS compliant (must be 2048 bit).
•
Performs CAC, PIV, and .NET card validation.
•
Verifies Digital Signing and Encrypted e-mail is FIPS compliant.
•
IPSec over IPV6 and IPv4 are FIPS compliant.
When validation is complete, information and links display in a table at the bottom of the FIPS 140-2 configuration
page of the webUI.
•
Click the appropriate link to disable a non-compliant feature, or protocol.
•
Click the appropriate link to replace any non-compliant certificates.
•
Click the appropriate link to acknowledge that you allow the printer to use non-compliant features and
protocols.