Overview of Security
Security Settings of this Machine
User Security Setting
- User Authentication and Account Track
- [General Settings]
- Performing User Authentication/Account Track
- User Authentication Setting
- Account Track Setting
  - [Account Track Registration]
  - [Account Track Counter]
- Using the Authentication Device
  - [External Server Settings]
  - [Authentication Device Settings]
Data Security Setting
- Secure Print: Prints data with a password.
- Encryption of Scan Data
Network Communication Security
- Creating a certificate for this machine for SSL communication
- IPsec Communication

Audit Log

Outputting audit log
Analyzing audit log
Audit log information
List of audit log items

Outputting audit log

All the saved audit log data can be printed out in print mode, or written to USB memory as a file. Audit log data can be printed out in print mode, or written to USB memory as a file.

When printing out data in print mode:

Follow the procedure on Displaying the [Administrator Setting Menu] Screen to display Administrator Setting Menu.
Press System Setting on the Administrator Setting Menu screen, and then press List/Counter.
Select Audit Log Report, then press Print Mode.
Print out data.
- supplementary explanationPress Start on the control panel.
- supplementary explanationTo cancel printing out data, press Stop on the control panel. A dialog is displayed for confirmation. Selecting Cancel Job cancels printing out data.
- supplementary explanationWhen printing out is completed, press Exit PrintMode. This returns to the List/Counter screen.

When writing to USB memory as a file:

Follow the procedure on Displaying the [Administrator Setting Menu] Screen to display Administrator Setting Menu.
Press System Setting on the Administrator Setting Menu screen, and then press List/Counter.
Select Audit Log Report, then press Output All to USB.
Connect the USB memory device, then press OK.
Audit logs are written to USB memory as a file.

Analyzing audit log

Audit log needs to be analyzed by the administrator regularly (once per month), or when the data saved in the machine are illegally accessed or even tampered.

The machine is supposed to store up to 750 logs per month. If more than 750 logs are assumed to be stored in a month, carry out the analysis in a shorter period before unanalyzed logs reach that number.

Audit log information

The audit log contains the following information:

date/time: registers date and time of the operation that resulted in the creation of a log entry.
id: specifies person who made the operation, or subject for security protection.
-1: operation by customer engineer (CE)
-2: operation by the administrator
-3: operation by the unregistered user
Other integer: indicates subjects for security protection.
User ID: numbers from 1 to 1000.
Secure user ID (specified using a computer at secure printing): numbers from 1 to 5 digits (specified by user).
action: indicates number that specifies the operation.
You can check the details in the "List of audit log items" shown below.
result: records result of the operation.
For password authentication, success/failure is indicated as OK/NG.
For operations without password authentication, all log entries are indicated as OK.

List of audit log items

No.	Operation	Audit ID	Stored action	Result
1	CE authentication	CE ID	01	OK/NG
2	Administrator authentication	Administrator ID	02	OK/NG
3	Set/Change Enhanced Security mode	Administrator ID	03	OK
4	Print audit log/Output all to USB memory	CE ID/Administrator ID	04	OK
5	Change/Register CE password	CE ID	05	OK
6	Change/Register administrator password	CE ID/Administrator ID	06	OK
7	Create user by administrator	User ID	07	OK
8	Change/Register user password by administrator	User ID	08	OK
9	Delete user by administrator	User ID	09	OK
10	Change user attribute by administrator	User ID	10	OK
11	Password authentication for user	User ID¹/Unregistered user ID²	11	OK/NG
12	Change attributes of user by user (user password, etc.)	User ID	12	OK
13	(not used)
14	(not used)
15	Access to stored job (Printing hold/HDD store job, recalling HDD store job to hold job, storing hold job on HDD)	User ID	15	OK
16	Delete store job	User ID	16	OK
17	(not used)
18	(not used)
19	Change HDD lock password	Administrator ID	19	OK
20	Date/Time Setting	User ID	20	OK

*^*1: Audit log ID is saved as user ID when user authentication is successfully made, or when password inconformity occurs with a registered user name.

*^*2: Audit log ID is saved as unregistered user ID when authentication failure occurs with an unregistered user name.

The purpose of analyzing the audit log is to understand the following and implement countermeasures:

Whether or not data was accessed or tampered with
Subject of attack
Details of attack
Result of attack

For specific analysis methods, refer to the following description.