Altodigital and Zero Trust

• Make sure all user access is verified and start with the “no implicit trust” policy. Password protection is included with new Xerox^® printers.

• Implement role-based access controls for least privilege access and revalidation with enforced inactivity timeouts.

• With the help of Xerox Managed Print Services, Xerox Workplace Suite, and Cloud, you can expand the capabilities of your device fleet.

Starting point: ensure all user access is verified and start with the “no implicit trust” policy.

The Admin account passwords on Xerox^® Printers are secure and specific when they leave the factory. Role-based access controls can be put into place using local usernames, card-based authentication, PIN code access, and CAC/PIV secure authentication. With the use of inactivity timers and logouts, least privilege access and continuous revalidation can be enforced. Cloud identity providers (IdPs) like Ping Identity, Okta, Microsoft Azure Identity Services, as well as Xerox^® Workplace Cloud/Xerox^® Workplace Suite solutions, support multifactor authentication.

In order to provide a unified approach, Xerox^® Workplace Cloud Print Management Solution and Xerox^® Workplace Suite Print Management Solution extend the capabilities of Xerox^® Printers across a fleet of devices. By requiring users to unlock printers with cards/badges, mobile devices, or PIN codes before accessing the printers’ available services, they enforce a “never trust” security posture.

Every time a new connection is made, Xerox^® Managed Print Services enforces mandatory authentication at the user and system levels.

It creates user roles that are clearly defined for access, and it offers NIST 800-171R2 approved password management techniques.

Authorized printers on the network can communicate securely thanks to CA/Certificate Management.

• Constantly keep an eye out for and identify security threats, both potential and actual.

• Our printers feature McAfee whitelisting and firmware verification as anti-tampering measures.

• Tools like reCAPTCHA are used by Xerox Workplace Suite and Cloud to identify and prevent brute-force entry attempts.

• With the help of the Xerox^® Printer Security Audit Service, we implement fleet-wide device management and configuration settings.

Starting point: continuously keep an eye out for and find security threats.

The firmware in Xerox^® Printers is digitally signed, encrypted, and has firmware verification built-in to guard against attempts to tamper with the operating system’s code. Real-time malware monitoring by McAfee whitelisting rejects and alerts users to malicious activity.

The integrity of the system startup procedure is guaranteed by Trusted Boot.

To identify and counteract security threats, Syslog/Audit log data generation and integration with SIEM tools like LogRhythm, Splunk, and McAfee Security Manager are helpful. Cisco Identity Services Engine (ISE) enables us to identify and block the connection of unauthorised printers to your network.

To ensure seamless access and authentication, Xerox^® Workplace Cloud and Xerox^® Workplace Suite integrate with your ID management system. By doing this, synchronisation problems between the ID provider and the access control mechanism are avoided. We employ tools like reCAPTCHA to track and stop brute-force entry attempts at the local/device level.

Customers can set the frequency of security monitoring through Xerox^® Managed Print Services. With the help of the Xerox^® Printer Security Audit Service, we implement fleet-wide device management. By remotely establishing print and security policies, it is used to manage the configuration of the entire fleet in an intuitive manner. Additionally, it serves as the foundation for real-time, interactive dashboard reporting of data. Firmware updates and security patches are applied in accordance with the customer’s security policy.

• Contain the threat in the event of a potential compromise and offer quick remediation to get rid of it.

• Potential security breaches are limited by layers of security features, which also stop them from spreading to the fleet or the network.

• In the event that printer security settings are altered, the Configuration Watchdog feature automatically fixes the problem.

• The fleet of printers is kept in compliance with policy by the Xerox Printer Security Audit Service.

Starting point: Contain the threat in the event of a potential compromise and offer quick remediation to get rid of it.

At Xerox, we have created our printers with a security-first mindset to guard against threats. Further containing potential security breaches are layers of security features. The Configuration Watchdog printer feature, for instance, enables system administrators to set up to 75 security settings and proactively remediate (reset) them in the event that they are modified.

At the fleet level, Xerox^® Printer Security Audit Services uphold policy observance and promptly fix any contravening hardware. We consult with the client, review configuration policies on a regular basis (to make sure they are current with security requirements), and offer ongoing security recommendations.

• Protect data and documents from intentional and unintentional disclosure by using software solutions and data encryption techniques.

• 256-bit encryption, digital signatures, and password-protected file formats are used to protect the data you store.

• Using algorithms that have been approved by the U.S. DoD and NIST, data that is no longer needed can be deleted.

• Content security is offered by Xerox Workplace Suite and Cloud, which also produce alerts and reports on data usage.

Starting point: To prevent intentional and unintentional disclosure of data and documents, use software solutions and data encryption techniques.

Our printers’ storage drives are secured with 256-bit encryption.

Using data clearing and sanitization algorithms that have been approved by the US Department of Defense and the National Institute of Standards and Technology (NIST), stored data that is no longer needed can be deleted.

A PIN or card release system is used to protect print output. We also use digitally signed, encrypted, and password-protected file formats to stop scan information from going to people who shouldn’t.

Our printers allow you to lock down the “to,” “cc,” and “bcc” email fields, restricting the domains that can be scanned, such as internal ones. Xerox^® AltaLink^® Printers use IR (Infrared) technology with the Imaging Security feature to identify and mark sensitive documents. This stops any unintentional duplication of them and generates alerts and audit logs to keep track of any attempts at duplication.

To lessen the attack surface on the network, unused network services can be disabled.

IP filtering can be used to limit network access to only authorised clients for device management, scanning, and printing. Data in transit is safeguarded by secure protocols like SFTP, HTTPS, LDAPS, and IPsec. To make sure that only the most secure protocols are permitted to communicate with the device, FIPS mode can be enabled.

Content in transit and at rest is encrypted by the Xerox^® Workplace Cloud solution. A client’s own encryption key may be used to encrypt content kept in Xerox’s cloud. Clients can enjoy all the advantages of switching to cloud-based print management while maintaining control over who can access their data by using their own encryption management. The Xerox^® Workplace Cloud and Workplace Suite solutions’ Content Security feature gives users the ability to identify pre-defined sensitive content and produce alerts and reports based on how that data is used.

The fleet’s data and document protection features are enabled, policy infractions are corrected, and compliance is reported using the Xerox^® Printer Security Audit Services.

• For best results, simplify security procedures.

• Automation brings simplicity and frees up security teams to concentrate their efforts on more crucial problems.

• A small network of printers’ configuration and firmware updates are automated by the Fleet Orchestrator feature.

• By automating compliance enforcement, the Xerox Printer Security Audit Service streamlines fleet management and presents data in an intuitive dashboard format.

Starting point: Streamline security policy for best results.

Automation leads to simplicity and allows security teams to focus on important issues. The Fleet Orchestrator feature of Xerox^® Printers automates device configuration and applies firmware updates to a network of printers. This ensures compliance while reducing the burden on IT staff. With the integration of Cisco ISE and McAfee ePolicy Orchestrator, any printer can be automatically quarantined upon threat detection.

The above prevents damage to the printer, and protects the network and other endpoints. Xerox^® Printer Security Audit Services use a centralized policy mechanism and device grouping to streamline fleet management with minimal effort. Compliance enforcement and validation is fully automated. Dashboards present fleet, policy, and device compliance information in an easy-to-read, graphical format.