Xerox® Security Guide for Entry Production Color Class Products
March 2019
Page 2-7
User Data Protection
Xerox Entry Production Color Presses receive, process, and may optionally store user data from several sources, including local print, scan, fax (no fax on Versant or CP1000) or copy jobs, and mobile and cloud applications. Xerox products protect user data being processed by employing strong encryption. When the data is no longer needed, the Immediate Image Overwrite (IIO) feature automatically erases and overwrites the data on magnetic media, rendering it unrecoverable. As an additional layer of protection, an extension of IIO called On-Demand Image Overwrite (ODIO) can be invoked to securely wipe all user data from magnetic media.
User Data protection while within product
This section describes security controls that protect user data while it is resident within the product. For a description of security controls that protect data in transit, please refer to the following section, which discusses data in transit, and to the Network Security section of this document.
Encryption
All user data being processed or stored on the product is encrypted by default. Note that encryption may be disabled to enhance performance on both Versant® and ColorPress® products (though this is not recommended in secure environments).
The algorithm used in the product is AES-256. The encryption key is automatically created at start-up and stored in RAM. The key is deleted by a power-off, due to the physical characteristics of RAM.
TPM Chip
Some models include a Trusted Platform Module (TPM). The TPM is compliant with ISO/IEC 11889, the
international standard for a secure cryptoprocessor, dedicated to secure cryptographic keys. The TPM is
used to securely hold the product storage encryption key. Please refer to
for model specific information.
Media Sanitization (Image Overwrite)
ColorPress® and Versant® products equipped with magnetic hard disk drives are compliant with NIST Special Publication 800-88 Rev. 1: Guidelines for Media Sanitization. User data is securely erased using a three-pass algorithm as described at the following link:
https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-88r1.pdf
Immediate Image Overwrite
When enabled, Immediate Image Overwrite (IIO) will overwrite any temporary files that were created on
the magnetic hard disk that may contain user data. The feature provides continuous automatic
overwriting of sensitive data with minimal impact to performance, robust error reporting, and logging via
the Audit Log.
On-Demand Image Overwrite
Complementing the Immediate Image Overwrite is On-Demand Image Overwrite (ODIO). While IIO overwrites individual files, ODIO overwrites entire partitions. The ODIO feature can be invoked at any time and may optionally be scheduled to run automatically.
Note: Solid-state storage media such as solid-state disks, eMMC, SD cards, and flash media cannot be completely sanitized by multi-pass overwriting methods because of the wear-levelling remapping that occurs in the memory. Additionally, attempts to do so would greatly erode the operational lifetime of solid-state media. Solid-state media is therefore not recommended for use in highly secure environments. Please refer to NIST SP 800-88 "Table A-8: Flash Memory-Based Storage Product Sanitization" for technical details.
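As an added illustration of the Immediate Image Overwrite behaviour described above and of the flash-media caveat in the note (example code written for this page, not Xerox code and not the product's actual implementation), the Python below overwrites a spooled job file in three passes, forces each pass to disk and verifies the fixed-pattern passes, records each step in the style of an audit log, and refuses to treat overwriting as sanitization when the caller declares the media as flash. The pass patterns (zeros, ones, then random), the chunk size and the function names are assumptions; the guide does not specify them.

```python
"""Three-pass overwrite of a spooled job file, in the spirit of Immediate Image Overwrite
(IIO). Pass patterns (0x00, 0xFF, random) are an assumption; the guide does not name them.
Overwriting only sanitizes magnetic media (NIST SP 800-88 Rev. 1), so flash is refused."""
import os
import secrets
import tempfile

CHUNK = 64 * 1024
PASSES = (0x00, 0xFF, None)  # assumed scheme: zeros, ones, then random

def _write_pass(f, size, pattern):
    """Overwrite the whole file once, force it to disk, and verify fixed patterns."""
    f.seek(0)
    for off in range(0, size, CHUNK):
        n = min(CHUNK, size - off)
        f.write(secrets.token_bytes(n) if pattern is None else bytes([pattern]) * n)
    f.flush()
    os.fsync(f.fileno())
    if pattern is not None:  # the random pass cannot be checked without keeping a copy
        f.seek(0)
        if f.read(size) != bytes([pattern]) * size:
            raise IOError(f"verification failed for pattern {pattern:#04x}")

def iio_overwrite(path, magnetic_media=True):
    """Return an audit record: {'path', 'passes', 'sanitized', 'audit_log'}."""
    res = {"path": path, "passes": 0, "sanitized": False, "audit_log": []}
    if not magnetic_media:
        res["audit_log"].append(f"IIO refused for {path}: overwrite does not sanitize flash (SP 800-88 Table A-8)")
        return res
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for pattern in PASSES:
            _write_pass(f, size, pattern)
            res["passes"] += 1
            res["audit_log"].append(f"IIO pass {res['passes']}/{len(PASSES)} on {path}: {size} bytes")
    os.remove(path)
    res["sanitized"] = not os.path.exists(path)
    res["audit_log"].append(f"IIO complete: {path} overwritten and unlinked")
    return res

def demo(magnetic_media=True):
    """Constructed sample: a temp file standing in for a spooled scan image."""
    fd, path = tempfile.mkstemp()
    os.write(fd, b"CONFIDENTIAL scan page\n" * 4000)  # ~92 KB, so it spans two chunks
    os.close(fd)
    res = iio_overwrite(path, magnetic_media)
    if os.path.exists(path):
        os.remove(path)  # tidy up the constructed sample after a refusal
    return res
```

On a real device the audit entries would go to the product's Audit Log rather than a list, and the media type would come from the platform inventory rather than a caller flag.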