c). Change the Administrator password as soon as possible. Reset the Tools password periodically.
(1) Set the Administrator password to a minimum length of eight alphanumeric characters, (2) change the Administrator
password once a month and (3) ensure that all passwords are strong passwords (e.g., passwords use a combination of
alphanumeric and non-alphanumeric characters; passwords don’t use common names or phrases, etc.).
For directions on how to change the Tools password, follow the “Changing the System Administrator Password” instructions
on page 19 in the SAG.
The evaluated configuration assumes that the Admin Password Reset security feature will be disabled and not used. To
disable this feature, perform the following:
• At the Web UI select the Properties tab.
• Select the following entries from the Properties 'Content menu': Security > Admin Password Reset Policy
• Select the [Disable Password Reset] option and then select the [Apply] button to save the option entered.
d). The System Administrator should establish or ensure that unique user accounts with appropriate privileges are created for
all users who require access to the device, that no ‘Guest’ users are allowed to access any services on the device, and that
local usernames established on the device match domain names and both map to the same individual. Follow the “User
Information” instructions starting on page 61 in the SAG to set up local user accounts on the device.
The System Administrator should also ensure that authentication passwords for unique user accounts are set to a minimum
length of 8 (alphanumeric) characters, unless internal procedures the System Administrator must comply with require a
greater minimum length. The ‘Maximum Length’ can be set to any value between 8 and 63 (alphanumeric) characters
consistent with the same internal procedures.
Follow the “Specifying Password Requirements” instructions on page 62 in the SAG to set the minimum and maximum user
authentication password lengths.
e). Xerox recommends the following passcodes be changed on a regular basis, chosen to be as random as possible and set to
the indicated minimum lengths:
• Smart Card or CAC passcode – 8 characters (alphanumeric)
• Secure Print passcode – 6 digits
• Scan To Mailbox password – 8 characters (alphanumeric)
f). In the evaluated configuration the ability to delete a job should be set to ‘System Administrator Only’ if set from the Local
UI or ‘Admin Only’ if set from the WebUI. Follow the instructions for “Setting Job Deletion Options at the Control Panel” on
page 5 of the User Guide Supplement⁴ from the Local UI or for “Controlling Access to Tools and Features” on page 63 of the
SAG from the WebUI.
g). For establishing remote authentication access to network accounts follow the “Setting Up Network Authentication”
instructions starting on page 67 of the SAG to set up an Authentication Server. Follow the “Authentication Using a Card
Reader System” instructions starting on page 70 of the SAG to set up user authentication via a Smart Card. Note that CAC is
the only type of Smart Card supported in the evaluated configuration.
h). In the evaluated configuration the System Administrator should ensure that all pathways and services are ‘Locked’ so that
they can be accessed only by authenticated users. Follow the instructions in the ‘Controlling Access to Tools and Features’
section on page 63 of the SAG to lock all pathways and services.
i). All print, copy, workflow scan, scan to email, LANFax and Embedded Fax jobs (both send and receive) are temporarily stored
on the hard disk drive in the WorkCentre 7525/7530/7535/7545/7556. For customers concerned about these document
files stored on the hard disk drive, the Immediate Image Overwrite and On Demand Image Overwrite security features,
which come installed on the device, must be properly configured and enabled. Two forms of On Demand Image Overwrite
are manually invoked: a Standard On Demand Image Overwrite, which will overwrite all image data except data stored by
the Reprint Save Job feature and data stored in Embedded Fax dial directories and mailboxes, and a Full On Demand Image
Overwrite, which will overwrite all image data including data stored by the Reprint Save Job feature and data stored in
Embedded Fax dial directories and mailboxes.
Please follow the “Overwriting Image Data” instructions starting on page 96 in the SAG for proper setup and initiation of On
Demand Image Overwrite from the Web UI and the instructions under ‘Manually Deleting Image Data at the Control Panel’
on page 4 of the User Guide Supplement for proper setup and initiation of On Demand Image Overwrite from the Local UI.
To enable Immediate Image Overwrite from the control panel, follow the instructions under ‘Enabling Immediate Image
Overwrite the Control Panel’ on page 4 of the User Guide Supplement.
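An added example, not part of the Xerox guidance: a check of a recorded settings snapshot against items c) through i), for administrators tracking several devices. The snapshot keys are hypothetical names chosen for this example; the device does not export settings in this form.

```python
# Added example: audit a settings snapshot against items c) to i) above.
# All snapshot keys are hypothetical; record them by hand from the Web UI.
PASSCODE_MIN = {  # item e): minimum passcode lengths
    "smart_card_passcode_min": 8, "secure_print_passcode_min": 6,
    "scan_to_mailbox_password_min": 8,
}
JOB_DELETION_OK = {"System Administrator Only", "Admin Only"}  # item f)

def audit(snapshot):
    """Return a list of findings; an empty list means the snapshot conforms."""
    findings = []
    def need(key, ok, why):
        # A setting that was not recorded is reported, never assumed compliant.
        if key not in snapshot:
            findings.append(f"{key}: not recorded")
        elif not ok(snapshot[key]):
            findings.append(f"{key}={snapshot[key]!r}: {why}")

    lo = snapshot.get("user_password_min_length")
    lo = lo if isinstance(lo, int) else 8
    need("admin_password_reset", lambda v: v == "disabled",
         "item c) assumes Admin Password Reset is disabled")
    need("guest_access", lambda v: v is False,
         "item d) allows no 'Guest' users")
    need("user_password_min_length", lambda v: isinstance(v, int) and v >= 8,
         "item d) sets a minimum of 8 characters")
    need("user_password_max_length",
         lambda v: isinstance(v, int) and max(8, lo) <= v <= 63,
         "item d) allows 8 to 63, and not below the minimum length")
    for key, minimum in PASSCODE_MIN.items():
        need(key, lambda v, m=minimum: isinstance(v, int) and v >= m,
             f"item e) recommends at least {minimum}")
    need("job_deletion", lambda v: v in JOB_DELETION_OK,
         "item f) restricts job deletion to the administrator")
    need("unlocked_services", lambda v: v == [],
         "item h) wants every pathway and service 'Locked'")
    need("immediate_image_overwrite", lambda v: v is True,
         "item i) calls for Immediate Image Overwrite to be enabled")
    return findings

# Constructed sample snapshot with three deliberate deviations.
SAMPLE = {
    "admin_password_reset": "enabled", "guest_access": False,
    "user_password_min_length": 8, "user_password_max_length": 64,
    "smart_card_passcode_min": 8, "secure_print_passcode_min": 6,
    "scan_to_mailbox_password_min": 8, "job_deletion": "Admin Only",
    "unlocked_services": [],
}
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```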
⁴ Xerox WorkCentre 7755/7765/7775 Xerox WorkCentre 7525/7530/7535/7545/7556 Xerox ColorQube 9301/9302/9303
Security-Related Supplement to User Guidance, Version 1.0: September 2011