Xerox Product Security
Version 5.0March 23, 2012Xerox Product SecurityData Protection: Image Overwrite,Encryption and Disk Removal
DisclaimerThe information provided in this Xerox Product Response is provided "as is" without warranty of any kind. XeroxCorporation disclaims all warranties, either express or implied, including the warranties of merchantability and fitness fora particular purpose. In no event shall Xerox Corporation be held responsible for any damages whatsoever resulting fromuser's use or disregard of the information provided in this Xerox Product Response including direct, indirect, incidental,consequential, loss of business profits or special damages, even if Xerox Corporation has been advised of the possibilityof damages. Some states do not allow the exclusion or limitation of liability for consequential damages so the foregoinglimitation may not apply.XEROX and all Xerox product names are trademarks of XEROX CORPORATION. Other trademarks belong to theirrespective owners.Copyright XEROX CORPORATION 2012. All Rights Reserved.2
IntroductionGeneral Purpose and AudienceXerox Corporation nor Xerox devices could possibly know what information is sensitive to your business. This document isintended to provide users of Xerox products accurate and actionable information to help them evaluate and manage risksassociated with image data stored to disk drives or other non-volatile memory.(The latest version of this document is alwaysposted publicly at www.xerox.com/diskdrive)Summary InformationXerox copiers, printers and multifunction products are intelligent devices that contain a computer and the necessary softwarethat allows them to accomplish the many productivity-enhancing tasks that have become so valuable to today’s workplaces.These internal computers may have a disk drive or other non-volatile storage where image data is written during job processing,or where it may be stored for later reprint. From the introduction of the first digital products Xerox has recognized the risk ofretained data being inappropriately recovered from non-volatile storage and built features and countermeasures into our devicesto help customers safeguard their data.Xerox has taken information security seriously for years. An excellent source for security information is www.xerox.com/security,where information including security bulletins and patch information, US-CERT advisories, white papers, and videos on whatcustomers can and should be doing to mitigate security risks can be found. Xerox provides detailed information about internalproduct workflows and the algorithm used for image overwrite in Information Assurance Documents which are available formany products at the website or as requested for older products.Different devices represent different levels of risk. It’s axiomatic that as functionality increases so does the potential risk. Forthose devices, countermeasures are built into the machine to reduce the risk. Not all copiers have hard disk drives. Those that do not are not at risk. Some copiers and multifunction devices have hard disk drives, but do not use the hard disk drive to save document images.These are also not a risk. Those copiers and multifunction devices that do use hard disk drives to temporarily store images, should have an "imageoverwrite" feature that destroys the copied image immediately." That function should be built in, (which Xerox does), orinstallable via a security kit. If neither solution exists for the product, it is at risk. Also, most copiers and multifunction devices that have hard disks include a disk encryption feature which encrypts all storedcustomer image data with the state-of-the art AES encryption algorithm. Xerox has developed a disk removal program so that prior to a device being returned a Xerox technician will remove the disksand leave them with the customer. This program charges a flat fee per machine for the service. Contact Xerox CustomerSupport for information on fees and availability in your geography.Things to RememberThe use of any type of Image Overwrite on a Xerox device will not erase files stored on other media or on workstations.If the Xerox device is powered off before an Overwrite operation completes, it cannot be certain that all data was securelydeleted. In this event, it is recommended that another Image Overwrite should be performed.NOTE: Xerox strongly recommends the default Administrator password be changed on all devices to prevent unauthorized accessto configuration settings.3
Best Practices for Hard DrivesDisk encryption will effectively protect data at rest from unauthorized access. Image overwrite is effective at removing datafrom the hard drive once the data is no longer needed. Xerox recommends that the following features be enabled for productssupporting Disk Encryption and the Image Overwrite feature. Disk Encryption – Depending on the specific model, the encryption process uses state-of-the-art AES 128-bit or AES 256 bitencryption to secure data at rest. On Demand Image Overwrite – Executed prior to removal or as needed to remove all image data from disk or other nonvolatile storage. Immediate Image Overwrite – Automatically executed immediately after jobs are completed to remove image data fromdisk or other non-volatile storage. Scheduled Image Overwrite – Automatic, daily overwrite of all image data from disk or other non-volatile storage includingany pending jobs.NOTE: Depending on the specific model Image Overwrite functions can be set to use a one or three pass method to securelysanitize job image data off the drive.Xerox does not offer sanitization or cleansing services for returned disk drives. Some returned disks may get overwritten as partof the remanufacturing process; however it is not possible to know what happens to a specific disk in any particular case. Theintention of this is to give Xerox customers a no cost, very high confidence solution for ensuring their data has been renderedinaccessible. We believe this provides that confidence without adding expensive tracking/auditing/sampling processes. Xerox isreviewing additional cost options should a customer have the need for both a high level of confidence in the destruction processcombined with a very high degree of auditing.Retain Your DriveFor customers who are concerned that the data on their drive is more sensitive or even classified, Xerox has what it calls the HardDrive Retention Service. This service allows customer, for a fee, to retain their hard drive(s) and sanitize or destroy them in amanner that they feel will keep their data secure. Contact your Xerox Sales Representative for details on this program.A public facing document is available on the Security@Xerox website regarding the hard drive retention program.The document may be downloaded here.4
Next StepsThe tables below will help you to identify Xerox products containing disks or other non-volatile storage and whether thoseproducts include image overwrite capability and/or disk encryption.You’ll need to assess the risk for your environment and determine whether hard drive removal or image overwrite is appropriate.Instructions on how to install or enable image overwrite or disk encryption can be found in the product documentation which isavailable online at www.xerox.com in the ‘Support and Drivers’ link. These features can be administered at the local userinterface or using Centreware Internet Services (CWIS).Xerox offers technical and professional services to assist you.Please contact your local Xerox sales representative or call1-800-ASK-XEROX (1-800-275-9376 x773) (8 AM - 8 PM ET, MON FRI). Also you can check our website /enus.html for training and consultinghelp.How To Use This DocumentIt is recommended you read this up front matter to be sure what is contained in the document and what processes are availableto you as a Xerox customer. This document is delivered in PDF format. To quickly find information about your particular model(s)of Xerox equipment, you may use the Search capabilities of Adobe Acrobat or other PDF tool to search for a Model number. Thiswill help you quickly jump to the point in the tables that contain the information you need.5
Product DesignationDetailed Security InformationImage OverwriteDiskEncryptionDefaultEnablementReturn or DisposalActionNot availableNot availableNo special actionexcept where noted.Devices with harddrives allowImmediate ImageOverwrite, OnDemand ImageOverwrite.AES 256 bitencryptionenabled bydefault andcannot bedisabled.Run On-DemandImage Overwriteprior to return.DefaultenablementCopy Centre C20, C118DocuColor 12FaxCentreF12,110,116,118,2121, 2218Phaser 3100MFP, 3200MFP,3300MFPPhaser 3140, 3155B, 3160B,3160NThe products listed do not contain ahard drive and are not vulnerable toinformation theft from the hard drive.*Note: The WC4118 has battery backup for image memory. Remove powerfor 72 hours to allow battery to drain,dissipating any residual image data.Phaser 3150Phaser 3425, 3428Phaser 3250Phaser 3500Phaser 3600Phaser 6000 / 6010Phaser 6110MFPPhaser 6115MFPPhaser 6121MFPPhaser 6128MFPPhaser 6180, 6180MFPPhaser 6505Phaser 8500WorkCentre M20, M20i, M15,M15i, M118, M118i, PE120,PE120iWorkCentre Pro 215, 412, 416,421, 3119, 3550WorkCentre 4118*WorkCentre 4150/CWorkCentre 3210, 3220WorkCentre 6015, 6505Xerox 214/212 DigitalPrinter/CopierPhaser 4600/4620Hard drives are optional onall Models.Disabled6Otherwise, call theXerox CustomerSupport Center tocheck on availabilityor to schedule diskremoval.
Product DesignationDetailed Security InformationImage blementReturn or DisposalActionPhaser 6280The product listed contains anoptional hard drive used for printoperations. Neither Image Overwritenor disk encryption of the hard disk isavailable.Not availableNot availableIf optional hard driveis present, considerhaving disk removed.Phaser 6360/NHard drives are optional onN/APhaser 6360/DNN / DN / DT Models.Run On-DemandImage Overwriteprior to return.Phaser 6360/DTDX Model has hard drive standardDevices with harddrives allow OnDemand ImageOverwrite and alsoAutomatic Removalof Secure, Personal,and Proof Jobs.Hard drives are optionalEnabledPhaser 6360/DXPhaser 6700On Demand andScheduledOverwrite aresupported.Phaser 7800Phaser 8400Hard drives are standard onEnabledDN / DX / GX Models.On Demand andScheduledOverwrite aresupported.Hard drives are optional onEnabledN / DP / DX Models.On Demand andScheduledOverwrite aresupported.Otherwise, call theXerox CustomerSupport Center tocheck on availabilityor to schedule diskremoval.Installed anddisabled bydefault.Run On-DemandImage Overwriteprior to return.Otherwise, call theXerox CustomerSupport Center tocheck on availabilityor to schedule diskremoval.Installed anddisabled bydefault.Run On-DemandImage Overwriteprior to return.Otherwise, call theXerox CustomerSupport Center tocheck on availabilityor to schedule diskremoval.Not availableRun On-DemandImage Overwriteprior to return.Otherwise, call theXerox CustomerSupport Center tocheck on availabilityor to schedule diskremoval.7
Product DesignationDetailed Security InformationImage OverwriteDefaultenablementWorkCentre 5030/5050*WorkCentre 5135/5150*WorkCentre 5325/5330/5335**WorkCentre 5632, 5638, 5645,5655, 5665, 5675, 5687**WorkCentre 5735, 5740, 5745,5755, 5765, 5775, 5790**The products listed do not use a harddrive for Copy jobs.The WorkCentre products use a harddisk for print and scan operations.*Image Overwrite is included as astandard feature in the WC5030/5050and WC5135/5150. Disk encryption isincluded as a standard feature in theWC 5030/5050 with system softwareversion 5.004.44.000 or greater.** Image Overwrite, which allowsoverwriting of the image data uponjob completion, on demand or on aprogrammed recurrence schedule, anddisk encryption, which encrypts theimage store areas on the hard disks,are included as standard features onthe WorkCentre 56XX and 57XXproducts.Applies only if the Fax accessory ispresent:WC5030/5050 - Fax non-volatilememory is not overwritten;WC5135/5150 – Fax non-volatilememory is overwritten if ImageOverwrite is installed andenabled;WC5600 and 5700 series – Faxnon-volatile memory isoverwritten if Image Overwrite isenabled.CopyCentre/WorkCentre/WorkCentre Pro 232, 238, 245,255, 265, 275*CopyCentre C65/C75/C90CopyCentre C35, C45, C55WorkCentre M35, M45, M55WorkCentre Pro 35, 45, 55WorkCentre Pro 65/75/90CopyCentre C165, C175WorkCentre M165, M175WorkCentre Pro 165, 175WorkCentre BookMark 40/558The products listed do not use a harddrive for Copy jobs.The WorkCentre products use a harddisk for print and scan operations.An Image Overwrite optionalaccessory is available for theseproducts which allow overwriting ofthe image data upon job completionor on demand.*On selected releases the Image DiskOverwrite can be configured to run ona regular schedule.Applies only if the Fax accessory ispresent:Fax non-volatile memory is notoverwritten.WorkCentre5030/5050:Installed. but,code forinstallation.Contact XeroxCustomerSupport toobtaininstallationcodes.WorkCentre 5600series:prior to systemSW version21.120.031.000:Installed, butDisabled uponinstallation,Contact XeroxCustomerSupport toobtaininstallationcodes; aftersystem SWversion21.120.031.000or25.054.010.000:Installed re5030/5050:Prior to systemSW version05.004.44.000,not available.After systemSW version05.004.44.000,installed andenabled.Return or DisposalActionIf features arepresent, run OnDemand ImageOverwrite prior toreturn.Otherwise, call theXerox CustomerSupport Center tocheck on availabilityor to schedule diskremoval.All others:Installed andenabled.WorkCentre5135/5150;5325/5330/5335,5700 series:Installed andEnabled.Enabled uponinstallation.Contact XeroxCustomer Supportto obtain theOption PIN.Not available,except for 200series.Disk encryptionis included as astandardfeature in theCC/WC/WC Pro200-series withsystemsoftwareversion12/13/14.60.17.000 or greater.It is enabled bydefault andcannot bedisabled.If features arepresent, run OnDemand ImageOverwrite prior toreturn.Otherwise, call theXerox CustomerSupport Center tocheck on availabilityor to schedule diskremoval.
Product DesignationDetailed Security InformationImage OverwriteDefaultenablementColorQube 9301, 9302, 9303ColorQube 9201, 9202, 9203ColorQube 8570, 8870WorkCentre 6400WorkCentre 7655, 7665, 7675WorkCentre 7755, 7765, 7775The products listed use a hard drive forall imaging functions.Image Overwrite, which allowsoverwriting of the image data uponjob completion or on demand, and diskencryption, which encrypts the imagestore areas on the hard disks, areincluded as standard features.Applies only if the Fax accessory ispresent:CQ9200, CQ8570/8870, andWC7700 series - Fax non-volatilememory is overwritten if ImageOverwrite is installed andenabled;CQ93XX, CQ92XX,and WC77XXseries:Installed andEnabledWC76XX series:Contact your XeroxSalesrepresentative topurchase the SIMcard.ColorQube8570/8870 andWorkCentre 6400:Installed butdisabled by defaultDiskEncryptionDefaultEnablementInstalled andEnabledWorkCentre6400:Installed butdisabled bydefaultReturn or DisposalActionRun On-DemandImage Overwriteprior to return.Consider diskremoval for completeassurance.ColorQube8570/8870models do notsupport diskencryption.WC6400 and 7600 series – Faxnon-volatile memory is notoverwritten.CopyCentreC2128/C2636/C3545*The products listed use a hard drive forall imaging functions.WorkCentre ProC2128/C2636/C3545*An Image Overwrite optionalaccessory is available for theseproducts which allow overwriting ofthe image data upon job completionor on demand.CopyCentre Pro C32, C40WorkCentre Pro 32, 40Not installed.Enabled uponinstallation.Contact XeroxCustomer Supportto obtain SoftwareOption Card.Not availableUninstalled.Enabled uponinstallation.Contact XeroxCustomer Supportto obtain the DataSecurity Kit.Uninstalled.Enabled uponinstallation.Contact XeroxCustomerSupport toobtain the DataSecurity Kit.Otherwise, call theXerox CustomerSupport Center tocheck on availabilityor to schedule diskremoval.Applies only if the Fax accessory ispresent: Fax non-volatile memory isnot overwritten.WorkCentre 7120/7125WorkCentre 7132WorkCentre 7232, 7242WorkCentre 7228, 7235, 7245The products listed use a hard drive forall imaging functions.An Image Overwrite optionalaccessory is available for theseproducts which allow overwriting ofthe image data upon job completionor on demand.Applies only if the Fax accessory ispresent:If features arepresent, run OnDemand ImageOverwrite prior toreturn.No special action iffeatures were beingused.If features were notbeing used, call theXerox CustomerSupport Center tocheck on availabilityor to schedule diskremoval.Fax non-volatile memory isoverwritten if Image Overwrite isinstalled and enabled.9
Product DesignationDetailed Security InformationImage /7346The products listed use a hard drive forall imaging functions.WorkCentre 7425/7428/7435*Image Overwrite is included as astandard feature on these products.Installed andEnabledDiskEncryptionDefaultEnablementReturn or DisposalActionInstalled andEnabledNo special action iffeatures were beingused.If features were notbeing used, call theXerox CustomerSupport Center tocheck on availabilityor to schedule diskremoval.*Disk encryption, which encrypts theimage store areas on the hard disks, isincluded as a standard feature.Applies only if the Fax accessory ispresent:Fax non-volatile memory isoverwritten if Image Overwrite isinstalled and enabled.WorkCentre7525/7530/7535/7545/7556The products listed use a hard drive forall imaging functions.Image Overwrite is included as astandard feature on these products.Installed, butdisabled by default;can be enabledusing CWISInstalled, butdisabled bydefault; can beenabled usingCWISNo special action ifImmediate Overwriteand Data Encryptionwere enabled.On thoseproducts thatinclude diskencryption, it ispermanentlyenabled andcannot bedisabled.If features arepresent, run OnDemand ImageOverwrite prior toreturn.WorkCentre Pro123, 128, 133:Disk encryptionmust beenabled afterthe option isinstalled.Contact XeroxCustomerSupport toobtaininstallationcodes.No special action iffeatures were beingused.Disk encryption, which encrypts theimage store areas on the hard disks, isincluded as a standard feature.Phaser 3635*WorkCentre 4150S, tre4260S/4260X/4260XF*The products listed use a hard drive forCopy operations involvinglandscape/stapled jobs only.The products listed use a hard drive forprint and scan operations.Installed, butdisabled by default;can be enabledusing CWIS* Image Overwrite is included as astandard feature on these products.* These products include diskencryption.** Image Overwrite is a chargeableoption on the WC4150 products.CopyCentre C123, C128, 133WorkCentre M123, M128, 133WorkCentre Pro 123, 128, 133*WorkCentre 5222/5225/5230*WorkCentre 5016, 5020The CopyCentre and WorkCentreproducts do not use a hard drive forcopy, unless the optional hard driveoption has been installed.The WorkCentre Pro products use ahard drive for print and scanoperations.* A Data Security Kit that includes bothimage overwrite and disk encryption isavailable for the products indicated.WorkCentre Pro123, 128, 133:Image Overwritemust be enabledafter the option isinstalled. ContactXerox CustomerSupport to obtaininstallation codes.WorkCentre 5200series: Enabledupon installation.WorkCentre5200-series:Enabled uponinstallation.10Full On DemandOverwrite willremove all job andFax data.Otherwise, call theXerox CustomerSupport Center tocheck on availabilityor to schedule diskremoval.If features were notbeing used, call theXerox CustomerSupport Center tocheck on availabilityor to schedule diskremoval.
Product DesignationDetailed Security InformationImage OverwriteDefaultenablementPhaser 77
WorkCentre 5135/5150* WorkCentre 5325/5330/5335** WorkCentre 5632, 5638, 5645, 5655, 5665, 5675, 5687** WorkCentre 5735, 5740, 5745, 5755, 5765, 5775, 5790** The products listed do not use a hard drive for Copy jobs. The WorkCentre products use a hard disk for print and scan operations. *Image Overwrite is included as a
Xerox VersaLink B405 38.51.71 1.57.13 Xerox VersaLink C400 67.51.71 1.57.12 Xerox VersaLink C405 68.51.71 1.57.13 Xerox VersaLink B600/B610 32.51.71 1.57.12 Xerox VersaLink B605/B615 33.51.81 1.57.13 Xerox VersaLink C500/C600 61.51.71 1.57.12 Xerox VersaLink C505/C605 62.51.81 1.57.13 WorkCentre 6515
5890 / 5890i, Xerox WorkCentre 5945 / 5945i / 5955 / 5955i, Xerox WorkCentre 6655 / 6655i, Xerox WorkCentre 7220 / 7220i / 7225 / 7225i, Xerox WorkCentre 7830 / 7830i / 7835 / 7835i / 7845 / 7845i / 7855 / 7855i / EC7836 / EC7856, Xerox WorkCentre 7970 / 7970i 2016 Xerox ConnectKey Technology Purpose and Audience
Xerox Phaser 6600 and Xerox WorkCentre 6605 Detailed Specifications 3 Xerox Mobile Express Driver Makes it easy for mobile users to find, use and manage Xerox and non-Xerox devices in every new location. Plug into a new network, and Xerox Mobile Express Driver automatically discovers available
Xerox Phaser 1235 . IBM InfoPrint 1145L MFP : Xerox Phaser 2135DT . IBM InfoPrint Color 8 : Xerox Phaser 3400 . IBM LaserPrinter 4039 : Xerox Phaser 3450 . IBM Network Printer 12 : Xerox Phaser 3500 . IBN Network Printer 17 : Xerox Phaser 4500DX . Konica KL-3015 : Xerox Phaser 5400 . Kyocera FS-C50 16N :
* Apple AirPrint and Xerox Print Service Plug-in for Android are standard/free of charge protocols for Apple iOS, Android and Xerox ConnectKey -enabled devices. Xerox Mobile Print is an add-on software product that allows users to print to Xerox or non-Xerox print devices. Capture It A scan gets initiated from your
A: Xerox printers and multifunction devices can be remotely connected to Xerox using two main technologies: Device Direct and Xerox Device Agent/Manager (XDA, XDM). Device Direct is a standard feature on most of Xerox newest products — no additional software is required. All you need is a connection for your Xerox product to the external
2019 Xerox Corporation. Todos los derechos reservados. Xerox , Xerox con la marca figurativa , AltaLink , FreeFlow , SMARTsend , Scan to PC Desktop , MeterAssistant , SuppliesAssistant , Xerox Secure Access Uni- fied ID System , Xerox Extensible Interface Platform , Global Print Driver y Mobile Express Driver son marcas comerciales de Xero
Xerox Variable Data Intelligent PostScript Printware (VIPP) is a proprietary page description language developed by Xerox. To print documents in Xerox VIPP format, use a third-party application that is compatible with Xerox VIPP format. Send the Xerox VIPP job or download the Xerox
