10. IP Filtering: Enable and configure IP Filtering to create IP Filter rules by following the instructions under "IP
Filtering" in Section 4 of the SAG.
Note that IP Filtering is not available for either the AppleTalk protocol or the Novell protocol with the 'IPX' filing
transport. Also, IP Filtering will not work if IPv6 is used instead of IPv4.
11. Audit Log: Enable the audit log, download the audit log .csv file and then store it in a compressed file on an external
IT product using the Web UI by following the appropriate instructions for "Enabling Audit Log" and "Saving an Audit
Log", respectively, under "Audit Log" in Section 4 of the SAG.
Save audit log entries on a USB drive attached to the device via one of the Host USB ports using the Control Panel
by following the appropriate instructions for "Saving an Audit Log to a USB Drive" under "Audit Log" in Section 4 of
In downloading the Audit Log the System Administrator should ensure that Audit Log records are
protected after they have been exported to an external trusted IT product and that the exported records are only
accessible by authorized individuals.
The System Administrator should download and review the Audit Log on a daily basis. The machine will send a
warning email when the audit log is filled to 90% (i.e., 13,500) of the 15,000 maximum allowable number of entries,
and repeated thereafter at 15,000 entries until the Audit Log is downloaded.
12. IPSec: Enable and configure IPSec by following the instructions under "IPsec" in Section 4 of the SAG. Note that
IPSec should be used to secure printing jobs; HTTPS (SSL) should be used to secure scanning jobs. Use the default
values for IPSec parameters whenever possible for secure IPSec setup.
Note that IPSec can be disabled at the Control Panel by following the instructions for "Disabling IPSec at the Control
Panel" under "IPSec" in Section 4 of the SAG. However, if IPSec is disabled the device will no longer be in the
13. Session Inactivity Timeout: Enable the session inactivity timers (termination of an inactive session) from the Web
UI by following the instructions for "Setting System Timeout Values" or from the Control Panel by following the
instructions for "Setting the System Timeout Values at the Control Panel" in Section 4 of the SAG.
14. Secure Print: Set the Secure Print security function to require the User ID for identification purposes to release a
secure print job. Access and configure the Secure Print security function by following the instructions under
"Configuring Secure Print Settings" in Section 5 of the SAG.
Make sure the 'Release Policies for Secure Print Jobs Requiring Passcode When the User is Already Logged In' option
is set to Prompt for Passcode Before Releasing Jobs.
For best security print jobs (other than LANFax jobs) submitted to the device from a client or from the Web UI
should be submitted as a secure print job. To ensure that print jobs can only be submitted as secure print jobs, for
logged in users (since non-logged in users are denied permission to print any job in the evaluated configuration)
follow the instructions for "Setting Job Type Print Permissions under "Editing Print Permissions for the Non-Logged
In Users Role" under "Configuring Authorization Settings" in Section 4 of the SAG, select Custom and then set the
permission to be Allowed for Secure Print and Not Allowed for all other print types.
Once a secure print job has been submitted the authenticated user can either release the job for printing at the
Control Panel by following the instructions under "Releasing a Secure Print" or delete the job at the Control Panel by
following the directions under "Deleting a Secure Print", both under "Printing Special Job Types" under "Printing
Features" in Section 5 of the applicable User Guide
Note that only the submitter of a secure print job can release the job, and in the evaluated configuration only the
System Administrator can delete any job, including a secure print job. To ensure that only the System Administrator
can delete jobs, from the WebUI follow the instructions for "Editing Services and Tools Permissions for the Non-
Logged In Users Role" under "Configuring Authorization Settings" in Section 4 of the SAG and set the entry for
'Delete Jobs' under 'Job Status Pathway' to Not Allowed for all defined logged in user roles except the System
Administrator and Accounting Administrator roles, which are set to Allowed for this entry (non-logged in users
should be denied permission to access any device services or features as discussed in I.b.3.ii above).
Set job deletion to 'System Administrator Only' at the Control Panel by following the instructions for "Setting Job
Deletion Options at the Control Panel" in Section 10 of the SAG.
15. Hold All Jobs: The Hold All Jobs function is used in the evaluated configuration. Set the Enablement option to Hold
All Jobs in a Private Queue and the Unidentified Jobs Policies option to Hold Jobs; Only Administrators can
5845 / 5855 / 5865 / 5875 / 5890 User Guide, Version 1.0: January 2013; Xerox
Version 1.0: April 2013; Xerox
Xerox ConnectKey Controller User Guide, Version 1.0: February 2013.
7800 Series User Guide, Version 1.0: February 2013; Xerox
7220 / 7225 User Guide,
9301 / 9302 / 9303