Xerox® Security Guide for Office Class Products: AltaLink® VersaLink®
5 Device Security: BIOS, Firmware, OS, Runtime, and
Operational security controls
AltaLink® and VersaLink® products have robust security features that are designed to protect the system
from a wide range of threats. Below is a summary of some of the key security controls.
Pre-Boot BIOS Protection
The BIOS is inaccessible and cannot be cleared or reset.
The BIOS can only be modified by a firmware update, which is digitally signed.
BIOS will fail secure, locking the system if integrity is compromised.
Configuration Settings (including security settings) and User Data are encrypted by AES.
Each device is encrypted using its own unique key.
Boot Process Integrity
Firmware Integrity & Verification
Firmware is digitally signed.
Firmware is verified against a whitelist using cryptographic hashing.
Runtime Intrusion Prevention & Detection
Runtime Executable Control
McAfee Embedded Control prevents unauthorized software from executing. This prevents
worms, viruses, spyware, and other malware that install themselves from executing
Runtime Intrusion Detection – Memory Control
McAfee Embedded Control ensures that running processes are protected from malicious
attempts to hijack them. Unauthorized code injected into a running process is detected and
Event Monitoring & Logging
The Audit Log feature records security-related events.
Continuous Operational Security
Firmware and Diagnostic Security Controls
Firmware installation controls limit who can install firmware and from where.
Customer defined service technician (CSE) restrictions add an additional layer of protection to
prevent unauthorized access and/or modification of AltaLink® and VersaLink® products.