5
external users (specified by subnet mask) is dropped and so that following ports for web services are closed: tcp ports 53202,
53303, 53404 and tcp/udp port 3702.
IP Filtering is not available for either the AppleTalk protocol or the Novell protocol with the ‘IPX’ filing transport. Also, IP
Filtering will not work if IPv6 is used instead of IPv4.
x).
To enable disk encryption follow the instructions under “Enabling Encryption of Stored Data” on page 78 of the SAG.
Before enabling disk encryption the System Administrator should make sure that the machine is not in diagnostics mode
and that there are no active or pending scan jobs.
y).
The System Administrator should ensure that the Embedded Fax Card and fax software is properly installed. The System
Administrator can then set Embedded Fax parameters and options via the Local User Interface on the machine by following
the instructions on pages 152 through 160 in the SAG.
z).
To enable and configure IPSec, follow the instructions starting on page 83 of the SAG. IPSec should be used to secure
printing jobs; HTTPS (SSL) should be used to secure scanning jobs.
Use the default values for IPSec parameters listed in the IPSec discussion starting on page 83 in the SAG
whenever possible
for secure IPSec setup.
aa).
To enable the session inactivity timers (termination of an inactive session) from the Web UI follow the instructions on page
96 of the SAG.
bb).
There is a software verification test feature that checks the integrity of the executable code by comparing a calculated hash
value against a pre-stored value to ensure the value has not changed. To initiate this feature follow the instructions on page
105 of the SAG.
cc).
To enable the Scan to Mailbox feature from the Web UI follow the instructions under ‘Enabling or Disabling Scan to
Mailbox’ on page 126 of the SAG.
For the purposes of the evaluation, the Scan to Mailbox feature was set to store scanned documents only in private folders.
To set the scan policies for the Scan to Mailbox feature follow the instructions under ‘Setting Scan Policies’ starting on page
126 of the SAG
.
Public folders are not allowed in the evaluated configuration. The scan policies should therefore be set as
follows:
•
Deselect [
Allow Scanning to Default Public Folder
].
•
Deselect [
Require per Job password to public folders
].
•
Select [
Allow additional folders to be created
]
•
Select [
Require password when creating additional folders
].
•
Select [
Prompt for password when scanning to private folder
].
•
Deselect [
Allow access to job log data
].
Passcodes for Scan-to-Mailbox mailboxes should be selected to be as random as possible and should be changed on a
regular basis, consistent with applicable internal policies and procedures. Xerox recommends that the minimum length of a
password assigned to a private Scan to Mailbox folder be 8 alphanumeric characters.
dd).
To enable the Print from USB feature from the Web UI follow the instructions on page 119 of the SAG.
ee).
To enable the Print from Mailbox feature from the Web UI follow the instructions on page 120 of the SAG.
ff).
In the evaluated configuration the Embedded Fax Secure Receive option should be enabled
5
and the fax forwarding on
receive feature should be enabled. The Local Polling option and embedded fax mailboxes should not be set up or used at
any time.
To enable Secure Receive from the Local UI follow the instructions under ‘Enabling or Disabling the Secure Fax Feature’ on
page 154 of the SAG. The System Administrator should ensure that the secure receive passcode, which is fixed at 4-digits, is
changed every three days.
To enable Fax Forwarding on Receive and establish up to five fax forward rules from the WebUI follow the instructions for
Fax Forwarding starting on page 158 of the SAG.
•
The evaluation assumes that after normal business hours Fax Forwarding on Receive is enabled and secure receive is
disabled.
5
This will apply to any received fax, including faxes that are remotely polled to the device from another remote fax machine or remote device.
