Home » Lexmark Manuals » Printers » Lexmark XC4342 » Manual Viewer

Lexmark XC4342 Security White Paper - Page 8

Lexmark Secure Software Development Lifecycle SSDL, Systems CVSS.

Add to My Manuals
Save this manual to your list of manuals

Page 8 highlights

Lexmark Secure Software Development Lifecycle (SSDL) 8 3 If yes to 2 step then, the security bug is scored using the industry standard Common Vulnerability Scoring Systems (CVSS). Note: The severity score published in a technical alert can score differently in speciﬁc implementations. 4 Internal processes are initiated to log, track, patch, and test the bug ﬁx, and an updated code is provided through a patch process. 5 If the CVSS score warrants, Lexmark issues a security advisory for the products affected. For Lexmark security advisories, go to https://support.lexmark.com/alerts To submit a potential vulnerability or concern to the team, an e-mail is sent to [email protected]. This submission form allows for direct communication with our subject matter experts. We then follow our standard vulnerability process to assign severity and timelines for resolution.

Section	Page
Contents	2
Executive Overview	5
Executive Overview	5
Zero Trust	6
Zero Trust	6
Lexmark Secure Software Development Lifecycle (SSDL)	7
Lexmark Secure Software Development Lifecycle (SSDL)	7
Importance of firmware updates	9
Importance of firmware updates	9
Lexmark Secure by Default	11
Lexmark Secure by Default	11
Secure Remote Management	13
Device and Settings Access	13
Audit Logging	14
Digitally Signed Firmware Updates	15
Certificate Management	16
HTTPS	17
SNMPv3	18
Secure Password Reset	18
Secure Network Interfaces	20
TCP Connection Filtering	20
Port Filtering	21
802.1X	22
IPsec	23
Secure Network Time Protocol	24
Fax and Network Separation	24
Secure Access	27
Authentication and Authorization	27
Access controls	28
Active Directory	29
Secure LDAP	31
Auto-insertion of Sender’s E-mail Address	31
Login Restrictions	32
Control Panel Lock	32
Confidential Print	33
Secure Internet Printing Protocol	34
Incoming Fax Holding	34
Secure Start Process and Operating System Protections	35
eSF Application Security	36
Protected USB Ports	37
Secure Data	41
Hard Disk Encryption	41
Non volatile Memory Wipe	42
Trusted Platform Module	43
Hard Disk File Wiping	43
Complete Hard Disk Erasure	45
Out of Service Wiping	46
Physical Lock Support	46
Solutions	48
Intelligent Storage Drive	48
Print Release Application	50
Automated Certificate Management	51
Native Held Jobs Application	52
Contactless Card Authentication Support	53
CAC/PIV and SIPRNet Card (Authentication)	54
Lexmark Contact Authentication Device	55
Lexmark Contactless Authentication Device	56
Lexmark Secure Document Monitor	57
Information sent to Lexmark	58
Security Standards	59
Common Criteria (NIAP/CCEVS Certification, ISO 15408)	59
Federal Information Processing Standards (FIPS)	59
ISO 27001 – Information Security Management System Certification	60
ISO 20243 – Supply Chain Certification	60
Two Levels of Security	61
Notices	62
GOVERNMENT END USERS	62
Trademarks	62

Match case Limit results 1 per page

If yes to 2 step then, the security bug is scored using the industry standard Common Vulnerability Scoring

Systems (CVSS).

Note:

The severity score published in a technical alert can score diﬀerently in speciﬁc implementations.

Internal processes are initiated to log, track, patch, and test the bug ﬁx, and an updated code is provided

through a patch process.

If the CVSS score warrants, Lexmark issues a security advisory for the products aﬀected.

For Lexmark security advisories, go to

https://support.lexmark.com/alerts

To submit a potential vulnerability or concern to the team, an e-mail is sent to

[email protected]

This submission form allows for direct communication with our subject matter experts. We then follow our

standard vulnerability process to assign severity and timelines for resolution.

Lexmark Secure Software Development Lifecycle (SSDL)