Security
96
Xerox
®
WorkCentre
®
7800/7800i Series Color Multifunction Printer
System Administrator Guide
FIPS 140-2
If FIPS 140-2 encryption is required, all computers, servers, browser software, security certificates, and
applications must comply with the standard or operate in FIPS-compliant mode. Transmitted and stored
data must be encrypted as specified in United States Federal Information Processing Standard (FIPS)
140-2 (Level 1). You can enable the printer to check that the current configuration ensures the specified
encryption.
Enabling FIPS 140 Mode can prevent the printer from communicating with network devices that
communicate using protocols that do not use FIPS-compliant encryption algorithms. To allow non-FIPS
compliant protocols or features when FIPS 140 mode is enabled, acknowledge the notification of
non-compliance during the validation process.
When non-FIPS compliant protocols are enabled after FIPS mode is enabled, a message appears
indicating the protocols use non-FIPS compliant encryption algorithms. Examples of non-FIPS compliant
protocols include SNMPv3 or NetWare.
When you enable FIPS-140 mode, the printer validates the current configuration by performing the
following checks:
•
Validates certificates for features where the printer is the server in the client-server relationship. An
SSL certificate for HTTPS is an example.
•
Validates certificates for features where the printer is the client in the client-server relationship. CA
certificates for LDAP, Xerox Extensible Interface Platform, and Smart eSolutions are examples.
•
Validates certificates that are installed on the printer, but not used. Certificates for HTTPS, LDAP, or
SNMPv3 are examples.
•
Checks features and protocols for non-compliant encryption algorithms. For example, NetWare and
SNMPv3 use encryption algorithms that are not FIPS-compliant.
When validation is complete, information and links appear in a table at the bottom of the page.
•
Click the appropriate link to disable a non-compliant feature, or protocol.
•
Click the appropriate link to replace any non-compliant certificates.
•
Click the appropriate link to acknowledge that you allow the printer to use non-compliant features
and protocols.