5
Use the default values for IPSec parameters listed in the IPSec discussion starting on page 183 in the SAG
whenever
possible for secure IPSec setup.
x).
To enable the session inactivity timers (termination of an inactive session) from the Web UI follow the instructions on page
194 of the SAG.
y).
There is a software verification test feature that checks the integrity of the executable code by comparing a calculated hash
value against a pre-stored value to ensure the value has not changed. To initiate this feature perform the following from the
Web UI:
•
Select the
Properties
tab.
•
Select the following entries from the
Properties
'
Content
menu’:
Security
Æ
Software Verification Test
.
•
Select the [
Start
] button to initiate the software verification test.
z).
To enable the Scan to Mailbox feature from the Web UI:
•
Select the
Properties
tab.
•
Select the following entries from the
Properties
'
Content
menu’:
Services
Æ
Scan to Mailbox
Æ
Enablement
•
Select the [
Enable Scan to Mailbox
] button and then select the [
On Scan tab, view Mailboxes by default
] button.
•
Select the [
Apply
] button. This will save the indicated settings.
For the purposes of the evaluation, the Scan to Mailbox feature was set to store scanned documents only in private folders.
To set the scan policies for the Scan to Mailbox feature, select the following entries from the
Properties
'
Content
menu’:
Services
Æ
Scan to Mailbox
Æ
Scan Policies.
Public folders are not allowed in the evaluated configuration. The scan
policies should therefore be set as follows:
•
Deselect
[
Allow Scanning to Default Public Folder
].
•
Deselect [
Require per Job password to public folders
].
•
Select [
Allow additional folders to be created
]
•
Select [
Require password when creating additional folders
].
•
Select [
Prompt for password when scanning to private folder
].
•
Deselect [
Allow access to job log data
].
Passcodes for Scan-to-Mailbox mailboxes should be selected to be as random as possible and should be changed on a
regular basis, consistent with applicable internal policies and procedures. Xerox recommends that the minimum length of a
password assigned to a private Scan to Mailbox folder be 8 alphanumeric characters.
aa).
In the evaluated configuration Embedded Fax Secure Receive option should be enabled,
4
fax forwarding on receive feature
should be enabled, and both the Local Polling option and embedded fax mailboxes should not used.
After normal business hours Fax Forwarding on Receive should be enabled and secure receive should be disabled.
•
To enable/disable Secure Receive from the Local UI follow the instructions under “Secure Receive” on page 279 of the
SAG. The System Administrator should ensure that the secure receive passcode, which is fixed at 4-digits, is changed
every three days.
•
To enable Fax Forwarding on Receive and establish up to five fax forward rules from the WebUI follow the instructions
for “Fax Forward” starting on page 284 of the SAG.
The Mailbox and Polling Policy should be set to delete received faxes when they are printed. To set the Mailbox and Polling
Policy follow the instructions under “File Management – Retained Document Policy” on page 282 of the SAG. Makes sure
the ‘Delete on Print’ option is selected.
bb).
For best security print jobs submitted to the device from a client or from the Web UI should be submitted as a secure print
job. Once a secure print job has been submitted the authenticated user can release the job for printing at the Local UI
following the directions for releasing a job on page 244 of the User Guide.
cc).
In the evaluated configuration the Secure Print security function should be set to require the user ID for identification
purposes to release a secure print job. Follow the instructions on page 31 of the SAG to access and configure the Secure
Print security function.
dd).
Before upgrading software on the device via the Manual/Automatic Customer Software Upgrade, please check for the latest
certified software versions. Otherwise, the machine may not remain in its evaluated configuration.
ee).
In the evaluated configuration, customer software upgrades via the network should be disabled.
4
This will apply to any received fax, including faxes that are remotely polled to the device from another remote fax machine or remote device.
