Security Capabilities - Xerox WorkCentre 7655 Evaluator Manual

SECURITY CAPABILITIES

EVALUATE
What type of
meet this demand? Can device access be
and in memory? Does the multifunction system vendor participate in
HOW THE XEROX WORKCENTRE
ADVANTAGE
XEROX
EXCEEDS THE SECURITY CAPABILITIES REQUIREMENT
Built-in Security
Xerox is committed to the security of its products and takes a unique approach to security within the
document industry: Xerox believes security should be built in as a core component of the
multifunction system and its controller.
The WorkCentre 7655/7665/7675 series offers built-in security features for physical and network-based
access controls, user authentication, usage tracking, file encryption, and file deletion to fully comply
with the IT organisation's information security policies. This is accomplished through intelligent design
architecture that complies with stringent industry security standards and increasing regulations in the
government, military, health care (HIPAA), legal (Sarbanes-Oxley), financial (Gramm-Leach-Biley Act) and
pharmaceutical (FDA 21 CFR Part 11) sectors. The security capabilities of WorkCentre 7655/7665/7675
series multifunction systems can be further extended with solutions from Xerox Alliance Partners.
Security features of the WorkCentre 7655/7665/7675 series include:
• 802.1x Support —
• Analogue Fax and Network Isolation —
the network connection to foil incoming attacks
• Authentication
- Network Authentication —
• Firewall —
and Port Blocking
• Image Overwrite Security Kit —
processed to the hard disk in print, copy, scan, and fax modes using
a three-pass algorithm specified by U.S. Department of Defense
Directive 5200.28-M
• Internal Security Audit Log —
satisfying the needs of organisations that must provide logging of the
transfer of Personally Identifiable Information per regulations like
HIPAA, Sarbanes-Oxley, Gramm-Leach-Bliley Act, and more
14
W O R K C E N T R E 7 6 55/7665/7675 EVALU ATO R G UI D E
does your office require? Does the device have the
security requirements
Ensures devices connected to the network are properly authorised
- System Administrator Authentication —
to administrative web pages to be restricted to authorised employees. Device Access Password
Protection further restricts access to device setup screens and remote network settings
Restricts access to scan, email, and fax features by validating
network user names and passwords
- Copy Auditron — Restricts user access to the device, sets limits for users and groups, tracks
jobs and provides reports
Restricts access via IP Address Filtering, Domain Filtering,
? Does the device
password protected
® 7655/7665/7675 SERIES
Controller architecture isolates the fax telephone line and
The WorkCentre 7655/7665/7675 series allows access
Electronically erases data that has been
Permits tracking of activity at the device,
security features
on disk drives
remove latent images
third-party testing and certification
Common Criteria Certification:
The National Information Assurance
Partnership (NIAP) is a U.S. government
initiative to meet the security testing of
Common Criteria, and is a collaboration
between the National Institute of Standards
and Technology (NIST) and the National
Security Agency (NSA). Common Criteria
for IT Security Evaluation is an interna-
tionally recognised methodology (ISO
15408) for evaluating the security claims of
hardware and software vendors. The five
major elements of Common Criteria are
availability, integrity, confidentiality,
accountability and nonrepudiation.
to
?