2
For directions on how to change the Tools password, follow the “Changing the System Administrator Password” instructions
on page 24 in the
SAG
.
d).
The System Administrator should establish or ensure that unique user accounts are established with appropriate privileges
for all users who require access to the device, that no ‘Guest’ users are allowed to access any services on the device and that
local usernames established on the device match domain names and both map to the same individual. Follow the “User
Information Database” instructions starting on page 173 in the SAG to set up local user accounts on the device.
The System Administrator should also ensure that authentication passwords for unique user accounts established for users
should be set to a minimum length of 8 (alphanumeric) characters unless applicable internal procedures require a minimum
password of a greater length. The ‘Maximum Length’ can be set to any value between 8 and 63 (alphanumeric) characters
consistent with the same internal procedures.
Follow the “Password Settings” instructions on page 175 in the SAG to set the minimum and maximum user authentication
password lengths.
e).
Xerox recommends the following passcodes be changed on a regular basis, chosen to be as random as possible and set to
the indicated minimum lengths:
•
Smart Card or CAC passcode – 8 characters (alphanumeric)
•
Secure Print passcode – 6 digits
•
Scan To Mailbox password – 8 characters (alphanumeric)
f).
In the evaluated configuration the ability to delete a job should be set to ‘System Administrators Only’ if set from the Local
UI or ‘Administrators Only’ if set from the WebUI. Follow the instructions for “Job Operation Rights” starting on page 38 of
the SAG from the Local UI or for “Job Management” on page 38 of the SAG from the WebUI.
For establishing network (remote) authentication access to network accounts follow the
Authentication Configuration
(Network Authentication)
section starting on page 157 of the SAG. Follow the instructions located in the
Configuring the
Smart Card
section starting on page 20 and in the
Using the Smart Card
section on page 34 in the CAC Guide
2
to set up
user authentication via a Smart Card and to use the Smart Card, respectively.
The device System Administrator should be aware of situations in which a normal device user has admin privileges on the
network authentication server.
While permissible in certain customer environments, this arrangement could create the
opportunity for authentication bypass at the devices.
The device System Administrator should be diligent in monitoring the
audit log for unauthorized configuration changes.
g).
In the evaluated configuration the System Administrator should ensure that all pathways and services are ‘Locked’ so that
they can be accessed only by authenticated users. Follow the instructions in the ‘To set Authentication to control access to
individual services’ steps included in the discussion of each Authentication Configuration method starting on page 158 of
the SAG to lock all pathways and services.
h).
All print, copy, workflow scan, scan to email, Internet Fax, LANFax and Embedded Fax jobs (both send and receive) are
temporarily stored on the hard disk drive. For customers concerned about these document files stored on the hard disk drive
the Immediate Image Overwrite and On Demand Image Overwrite security features, which comes installed on the device,
must be properly configured and enabled. Two forms of On Demand Image Overwrite are manually invoked – a Standard
On Demand Image Overwrite that will overwrite all image data except data stored by the Reprint Save Job feature, data
stored in Scan to Mailbox folders and data stored in Embedded Fax dial directories and mailboxes and a Full On Demand
Image Overwrite that will overwrite all image data including data stored by the Reprint Save Job feature, data stored in
Scan to Mailbox folders and data stored in Embedded Fax dial directories and mailboxes. Note that the Reprint Saved Jobs
feature and Embedded Fax mailboxes are not part of the evaluated configuration.
Please follow the “On Demand Overwrite” instructions starting on page 195 in the
SAG
for proper setup and initiation of a
Standard or Full On Demand Image Overwrite from either the Local UI or the Web UI. The System Administrator also has
the option of scheduling either a Standard or Full On Demand Image Overwrite from the Web UI. Follow the “To Schedule
On Demand Overwrite” instructions on page 197 in the
SAG to schedule an On Demand Image Overwrite.
To enable Immediate Image Overwrite from the control panel, follow the instructions under ‘To Enable or Disable
Immediate Image Overwrite’ on page 200 of the SAG.
Notes:
•
Immediate Image Overwrite of a delayed print job will not occur until after the machine has printed the job.
2
Xerox
®
Smart Card Installation Guide Xerox
®
WorkCentre 5632/5638/ 5655/5665/5675/5687 Xerox
®
WorkCentre
5735/5740/5745/5755/5765/5775/5790 Xerox
®
WorkCentre 5135/5150 Xerox
®
WorkCentre 5030/5050 (software version 05.004.xx.xxx),
Version 6.0, 06/11
