Xerox® Security Guide for Office Class Products: AltaLink® VersaLink®
3 User Data Protection
Xerox printers and multifunction products receive, process, and may optionally store user data from
several sources including as local print, scan, fax, or copy jobs or mobile and cloud applications, etc.
Xerox products protect user data being processed by employing strong encryption. When the data is no
longer needed, the Image Overwrite (IIO) feature automatically erases and overwrites the data on
magnetic media, rendering it unrecoverable. As an additional layer of protection, an extension of IIO
called On-Demand Image Overwrite (ODIO) can be invoked to securely wipe all user data from magnetic
User Data protection while within product
This section describes security controls that protect user data while it is resident within the product. For a
description of security controls that protect data in transit please refer to the following section that
discusses data in transit; also the
All user data being processed or stored to the product is encrypted by default. Note that encryption may
be disabled to enhance performance on AltaLink® products (though this is not recommended in secure
environments). Xerox VersLink products do not have such an option.
The algorithm used in the product is AES-256. The encryption key is automatically created at start up
and stored in the RAM. The key is deleted by a power-off, due to the physical characteristics of the RAM.
Some models include a Trusted Platform Module (TPM). The TPM is compliant with ISO/IEC 11889, the
international standard for a secure cryptoprocessor, dedicated to secure cryptographic keys. The TPM is
used to securely hold the product storage encryption key. Please refer to
for model specific information.
Media Sanitization (Image Overwrite)
AltaLink® and VersaLink® products equipped with magnetic hard disk drives are compliant with NIST
Special Publication 800-88 Rev1: Guidelines for Media Sanitization. User data is securely erased using a
three-pass algorithm as described in the following link:
Note: Solid State storage media such as Solid-State Disk, eMMC, SD-Card, and Flash media cannot be completely
sanitized by multi-pass overwriting methods due to the memory wear mapping that occurs. (Additionally, attempts to do
so would also greatly erode the operational lifetime of solid state media). Solid State media is therefore not
recommended for use in highly secure environments. Please refer to NIST-800-88 "Table A-8: Flash Memory-Based
Storage Product Sanitization" for technical details.
Immediate Image Overwrite
When enabled, Immediate Image Overwrite (IIO) will overwrites any temporary files that were created on
the magnetic hard disk that may contain user data. The feature provides continuous automatic
overwriting of sensitive data with minimal impact to performance, robust error reporting, and logging via
the Audit Log.
On-Demand Image Overwrite
Complementing the Immediate Image Overwrite is On-Demand Overwrite (ODIO). While IIO overwrites
individual files, ODIO overwrites entire partitions. The ODIO feature can be invoked at any time and
optionally may be scheduled to run automatically.
section of this document.
Appendix A: Product Security