Security at Xerox
Xerox Product Security for Secure Printing
At Xerox, product security issues are front and center. As a leader in the development of digital technology, Xerox has demonstrated a commitment to keeping digital information safe and secure by identifying potential vulnerabilities and proactively addressing them to limit risk. Customers have responded by looking to Xerox as a trusted provider of secure printing solutions with many standard and optional product security features.
Xerox production devices are, of course, designed for speed and include high output features. Xerox office devices are the highest-speed devices in the industry to receive Common Criteria Certification, providing an independent standard for product security. Several of Xerox Corporation’s high-speed digital copiers and advanced multifunction printers have become the fastest office devices in the industry to earn the international standard in information and product security. You may review the Xerox devices that have achieved or are being evaluated for Common Criteria on our Common Criteria page.
These devices join a long list of Xerox mid-speed office products to make it even easier for customers to meet their document production needs and the strict secure printing requirements in the government, military, healthcare, legal and financial sectors. Specific product security features on Xerox devices include:
The Image Overwrite product security option electronically shreds information stored on the hard disk of devices as part of routine job processing. Electronic erasure can be performed automatically at job completion (Immediate), On Demand, and on some models Scheduled. The Xerox Image Overwrite product security process implements a three-pass algorithm originally specified by the U.S. Department of Defense.
All data in motion in and out of the device, as well as data stored within the device, is secured with state-of-the-art encryption. Most Xerox devices support several different protocols for encrypting data in motion in and out of the device, including SSL and IP Security (IPSec). Note that scanning, printing, and access to the Web/remote user interface can be secured with either SSL/TLS or IPSec.
Unified ID System integrates your Xerox multifunction printers with your existing employee/student ID badge solution to provide a flexible and convenient authentication system. Users simply log in with a swipe of their magnetic or proximity ID card for secure access to multifunction printer features that need to be tracked for accounting or regulatory requirements.
While firewalls work at the network periphery to prevent unauthorized access to a customer's environment, unprotected fax connections in multifunction printers can be an open "back door" into the network. Xerox was the first manufacturer to offer a Common Criteria certified product that assures complete separation of the fax telephone line and the network connection, and continues to include that claim in all product security certifications.
When enabled on Xerox office printers and multifunction printers, this feature monitors the print, copy, scan and fax pages produced and who produces them. Administrators can limit the number of print, copy, scan and fax jobs a user can perform, track activity at a user, group or department level, and manage access to color copying and printing.
Use of device functions (e.g., scan, e-mail and fax) can be restricted by user and by function according to access control lists set by the System Administrator.
When sending a job from a print driver or using the web print submission tool, the user selects the Secure Print method and enters a unique PIN. Jobs are sent and safely stored at the device until the user enters that same unique PIN to release them. This controls unauthorized viewing of hard copy documents sent to the printer.
A labor saving feature for office and multifunction printers, this allows document-related software applications to be accessed on the user interface to improve workflow and minimize time at the device.
Removable Hard Drive Kits are supported on certain Production High Volume systems and select Office equipment:
WC5665, WC5675, WC5687
WC5735, WC5740, WC5745, WC5755
WC5765, WC5775, WC5790
WC7425, WC7428, WC7435, WC7440
WC7525, WC7530, WC7535, WC7545, WC7556
There are many security and hard drive mobility benefits to the Removable Hard Drive Kit:
Allows the System Administrator to quickly and easily remove hard drives and lock them in a safe or cabinet for storage.
This eliminates the risk of unauthorized access when the device is unattended or is powered off at end of day.
This capability is helpful for customers who print data that is subject to legal regulations (e.g., HIPAA, PCI) or might have a Variable Input Printing database containing sensitive information.
The kit provides a means to relocate the printer’s disk drive to an external location attached to the machine.
The disk drive is kept secure inside a lockable disk caddy attached to the back of the printer or attached shelf.
Extra caddies with disk drives are available for purchase. Extra disk drives allow different users or departments to control their own disk drive.
Most customers need to restrict access to a device to a limited set of authorized users and Operators. Xerox production devices include access control features such as:
Authentication Feature: This feature ensures that only properly authorized users are permitted to use a Production device. Any type of interaction between a user and a Xerox production device is associated with a security account. The association, or logon session, is the basis for granting access to any user. Once the logon session is established, the user can interact with the printer or access customer data, subject to restrictions based on the user's Role.
Role Based Access Control (RBAC): The RBAC feature ensures that authenticated users are assigned to a role of User, Operator, or Administrator. Each role has associated privileges with appropriate levels of access to features, jobs and print queue attributes.
Microsoft Active Directory Services: The Microsoft Active Directory Services (ADS) feature enables the device to authenticate user accounts against a centralized user account database, instead of exclusively using the user account database that is managed locally at the device.