Lexmark XC4342 Security White Paper - Page 43

Trusted Platform Module, Hard Disk File Wiping



You can select the following options from the Erase Printer Memory function:

  • Erase all printer and network settings
  • Erase user flash
  • Erase all apps and app settings

Note: After all settings are removed or reset, network connectivity cannot be retained because the device is
in the out-of-box shipping state. You are prompted to restart the device or turn it off for transport. There is no
network connectivity until the device is restarted to ensure that the original ship configuration is maintained.

Trusted Platform Module

Overview

Lexmark security features help keep information safe—in the document, on the device, over the network and
at all points in between. The 2022 new product announcements now include a standard Trusted Platform
Module (TPM), which delivers authentication, system integrity checks, and cryptographic capabilities to create
a unique digital system fingerprint.

TPM is quickly becoming the industry standard for enterprise hardware security. It provides a more secure
experience for users by storing hard drive encryption keys on a separate piece of hardware, other than where
the data is stored, which adds more layers of protection. This hardware also helps make encryption stronger
with enhanced random number generation. Also, in the future it will help securely identify printers to the Lexmark
cloud and other applications.

Lexmark has moved away from the Secure Element to a customer-installable TPM. TPM is an option for various
Lexmark models that were announced in 2018 and later.

Benefits

TPM is designed to strengthen a Lexmark device’s ability to secure information, whether that information is
stored in the device or being transmitted to or from a device. The main purpose of this component is to provide
improved capabilities to secure the cryptographic keys that are generated by the device and to provide more
complex methods to generate the random numbers that are used to create cryptographic keys.

TPM will immediately satisfy many corporations or government agencies that need to have certifications around
the device’s cryptography.

  • Stronger random number generation.
  • Secure key store for certificates and encryption keys.
  • Hard disk encryption key is protected by the TPM.
  • TPM will be a requirement for future Common Criteria and FIPS PUB 140-2 validations.

Hard Disk File Wiping

The file-based disk wipe sanitizes the portion of the hard disk where job data was stored after a job has been
processed so that no residual data can be read. "Complete," "Out of Service," or "Sanitize all information on
hard disk" disk erasure, which is explained later, erases the entire disk, while the file-based disk wiping
described in the following paragraph erases the portion of the disk where the job data was stored. Lexmark
devices offer a single-pass or multiple-pass wipe that is compliant with the National Institute of Standards and
Technology (NIST) and U.S. Department of Defense (DOD). You can perform this operation in several ways.
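
The file-based wipe described above, as an added Python example that is not Lexmark firmware code and does not come from the white paper: it overwrites only the file that held the job data, once or several times, and then deletes it. The pass patterns, the function names and the constructed job file are assumptions made for illustration.

```python
import os
import tempfile

# Pass patterns are assumptions for illustration; None means random bytes.
SINGLE_PASS = (b"\x00",)
MULTI_PASS = (b"\x00", b"\xff", None)
CHUNK = 64 * 1024


def overwrite_in_place(path, passes=SINGLE_PASS):
    """Overwrite every byte of the file once per pass, keeping its size.

    Returns the total number of bytes written. In-place overwrite only
    reaches the original blocks on media that rewrite in place (a magnetic
    disk with a non-copy-on-write filesystem); flash wear levelling or
    journaling can leave older copies elsewhere.
    """
    size = os.path.getsize(path)
    written = 0
    # "r+b" keeps the existing allocation; "wb" would truncate first and
    # the filesystem may then hand back different blocks.
    with open(path, "r+b") as f:
        for pattern in passes:
            f.seek(0)
            remaining = size
            while remaining:
                n = min(CHUNK, remaining)
                f.write(os.urandom(n) if pattern is None else pattern * n)
                remaining -= n
            f.flush()
            os.fsync(f.fileno())  # push this pass to the device before the next
            written += size
    return written


def wipe_file(path, passes=SINGLE_PASS):
    """File-based wipe: overwrite the job file, then remove its directory entry."""
    written = overwrite_in_place(path, passes)
    os.remove(path)
    return written


def make_job_file(data=b"CONSTRUCTED PRINT JOB: payroll.pdf page 1\n" * 100):
    """Create a constructed spool file standing in for stored job data."""
    fd, path = tempfile.mkstemp(suffix=".job")
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return path
```

A plain delete would only remove the directory entry and leave the job bytes readable on the disk, which is the residual data the file-based wipe is meant to eliminate.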
Secure Data
43