Xerox® Security Guide for Office Class Products: AltaLink® VersaLink®
thumb drive. This ability can be restricted by enabling the Customer Service Engineer Restriction feature,
which requires entry of a unique, customer-designated password before the update is accepted.
Network Firmware Update:
Product system administrators can update product firmware using the Embedded Web Server.
The ability to apply a firmware update is restricted to roles with system administrator or Xerox service
permissions. Firmware updates can be disabled by a system administrator.
Xerox Remote Services Firmware Update:
Xerox Remote Services can update product firmware securely over the internet using HTTPS. This
feature can be disabled or scheduled, and includes optional email alerts for system administrators.
Service Technician (CSE) Access Restriction
The CSE (Customer Service Engineer) Access Restriction allows customers to create an additional
password that is independent of existing administrator passwords. This password must be supplied to
allow service of the product. This password is not accessible to Xerox support and cannot be reset by
Xerox service personnel.
Additional Service Details
Xerox products are serviced by a tool referred to as the Portable Service Workstation (PSW). Only
Xerox-authorized service technicians are granted access to the PSW. Customer documents or files cannot be
accessed during a diagnostic session, nor are network servers accessible through this port. If a network
connection is required while servicing a Xerox device, service technicians will remove the device from any
connected networks. The technician will then connect directly to the device using an Ethernet cable,
creating a physically secure and isolated network during service operations.
Backup & Restore (Cloning)
Certain system settings can be captured in a 'clone' file that may be applied to other systems of the
same model. Clone files are encoded but not encrypted and may contain sensitive
information, depending on which product feature setting is selected. Access to both create and apply a
clone file can be restricted using role-based access controls. Clone files can only be created and applied
through the Embedded Web Server.
Xerox products can offer additional functionality through the Xerox Extensible Interface Platform (EIP).
Third-party vendors can create apps that extend the functionality of a product. Xerox signs EIP
applications that are developed by Xerox or Xerox partners. Products can be configured to prevent
installation of unauthorized EIP applications.
XCP (eXtensible Customizable Platform)
VersaLink® products offer additional functionality through the eXtensible Customizable Platform (XCP)
plug-in interface. Plug-ins can alter current functionality and add new functionality that may impact the
security of the product. XCP plug-ins are signed and encrypted by Xerox; products can be configured to
reject unsigned plug-ins. XCP plug-ins are used to support USB peripherals and alternative login
methods (such as Smart Card login). The XCP plug-in feature is disabled by default and must be
manually enabled by a system administrator using the Embedded Web Server.