Secure Installation and Operation of Your ColorQube™
9201/9202/9203
Purpose and Audience
This document provides information on the secure installation and operation of a ColorQube™ 9201/9202/9203 Multifunction
System. All customers, but particularly those concerned with secure installation and operation of these machines, should follow
these guidelines.
Overview
This document lists some important customer information and guidelines that will ensure that your ColorQube™
9201/9202/9203 Multifunction System is operated and maintained in a secure manner.
Background
The ColorQube™ 9201/9202/9203 Multifunction System is currently undergoing Common Criteria evaluation. The information
provided here is consistent with the security functional claims made in the Security Target. Upon completion of the evaluation,
the
Security
Target
(http://www.commoncriteriaportal.org/products.html) list of evaluated products or from your Xerox representative.
1. Please follow the guidelines below for secure installation, setup and operation of the evaluated configuration for a
ColorQube™ 9201/9202/9203 Multifunction System:
a). The security functions in the evaluated configuration of the ColorQube™ 9201/9202/9203 that should be set up by the
System Administrator are:
•
Immediate Image Overwrite
•
On Demand Image Overwrite
•
Disk Encryption
•
IP Filtering
•
Audit Log
•
SSL (for protection of management data)
•
IPSec
•
SNMP v3
•
Trusted Certificate Authorities
•
Authentication, Authorization and Personalization
•
802.1x Device Authentication
•
Session Inactivity Timeout
System Administrator login is required when accessing the security features of a ColorQube™ 9201/9202/9203 machine via
the Web User Interface (Web UI). To log in to the Web UI as an authenticated System Administrator, follow the instructions
under "CentreWare Internet Services" located on page 2-6 in the SAG
To log in to the Local User Interface (Local UI) as an authenticated System Administrator, follow the "Administrator Access"
instructions located on page 2-4 in the SAG
Follow the instructions located in the System Administrator Guide (SAG)
functions except as noted in the items below.
b). The following services of the ColorQube™ 9201/9202/9203 are also considered part of the evaluated configuration and
should be enabled when needed by the System Administrator - Copy, Embedded Fax, Scan to E-mail, Workflow Scanning,
Internet Fax and Reprint Saved Jobs.
c). Secure acceptance of the ColorQube™ 9201/9202/9203, once device delivery and installation is completed, should be done
by:
•
Printing out a Configuration Report by following the "How to Print a Configuration Report" instructions located on page
3-2 of the SAG
•
Comparing the software/firmware versions listed on the Configuration Report with the Evaluated Software/Firmware
versions listed in Table 2 of the Xerox ColorQube™ 9201/9202/9203 Multifunction Systems Security Target, Version 1.0
and make sure that they are the same in all cases.
d). Follow the "Authentication Configuration" instructions located on page 7-3 of the SAG
Follow the "Configuring Common Access Card" instructions starting on page 14 of the Common Access Card (CAC) Guide
to set up user authentication via a Common Access Card.
1
ColorQube™ 9201/9202/9203 System Administration Guide, Document Version : 1.0 (05/09)
T P
2
Xerox Common Access Card Xerox
T P
will
be
available
1
.
1
.
ColorQube™ 9201/9202/9203, Version 1.0, 09/09, 604E53830
from
the
Common
1
.
Criteria
Certified
Product
1
in Chapter 8, Security to set up these security
1
to set up an Authentication Server.
website
2