User Data Protection; User Data Protection While Within Product - Xerox D Series Security Manual

Xerox® Security Guide for Light Production Mono Class Products

2 User Data Protection

Xerox printers and multifunction products receive, process, and may optionally store user data from
several sources including as local print, scan, fax, or copy jobs or mobile and cloud applications, etc.
Xerox products protect user data being processed by employing strong encryption. When the data is no
longer needed, the Image Overwrite (IIO) feature automatically erases and overwrites the data on
magnetic media, rendering it unrecoverable. As an additional layer of protection, an extension of IIO
called On-Demand Image Overwrite (ODIO) can be invoked to securely wipe all user data from magnetic
media.

User Data protection while within product

This section describes security controls that protect user data while it is resident within the product. For a
description of security controls that protect data in transit please refer to the following section that
discusses data in transit; also the
Encryption
All user data being processed or stored to the product is encrypted by default. Note that encryption may
be disabled to enhance performance on both Legacy and D-Series® products (though this is not
recommended in secure environments).
The algorithm used in the product is AES-256. The encryption key is automatically created at start up
and stored in the RAM. The key is deleted by a power-off, due to the physical characteristics of the RAM.
TPM Chip
The Legacy and D-Series® products do not contain a TMP chip. Please refer to
Security Profiles for model specific information.
Media Sanitization (Image Overwrite)
Legacy and D-Series® products equipped with magnetic hard disk drives are compliant with NIST
Special Publication 800-88 Rev1: Guidelines for Media Sanitization. User data is securely erased using a
three-pass algorithm as described in the following link:
https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-88r1.pdf
Note: Solid State storage media such as Solid-State Disk, eMMC, SD-Card, and Flash media cannot be completely
sanitized by multi-pass overwriting methods due to the memory wear mapping that occurs. (Additionally, attempts to do
so would also greatly erode the operational lifetime of solid state media). Solid State media is therefore not
recommended for use in highly secure environments. Please refer to NIST-800-88 "Table A-8: Flash Memory-Based
Storage Product Sanitization" for technical details.
Immediate Image Overwrite
When enabled, Immediate Image Overwrite (IIO) will overwrite any temporary files that were created on
the magnetic hard disk that may contain user data. The feature provides continuous automatic
overwriting of sensitive data with minimal impact to performance, robust error reporting, and logging via
the Audit Log.
Network Security section of this document.
Appendix A: Product