UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Multifunction Device and Network Printers STIG



Findings (MAC II - Mission Support Sensitive)

Finding ID Severity Title
V-6806 High The device is not configured to prevent non-printer administrators from altering the global configuration of the device.
V-6781 High The default passwords and SNMP community strings of all management services have not been replaced with complex passwords.
V-6782 High The MFD does not maintain its configuration state (passwords, service settings etc) after a power down or reboot.
V-6784 High There is no restriction on where a MFD or a printer can be remotely managed.
V-6800 High MFDs with print, copy, scan, or fax capabilities must be prohibited on classified networks without the approval of the DAA.
V-6779 Medium A firewall or router rule is not used to block all ingress and egress traffic from the enclave perimeter to the MFD or printer.
V-6780 Medium A MFD or a printer device is not flash upgradeable or is not configured to use the most current firmware available.
V-6783 Medium Management protocols, with the exception of HTTPS and SNMPv3, must be disabled at all times except when necessary.
V-6777 Medium A network protocol other than TCP/IP is enabled on a MFD or printer.
V-6797 Medium The devices and their spoolers do not have auditing enabled.
V-6796 Medium Print spoolers are not configured to restrict access to authorized users and restrict users to managing their own individual jobs.
V-6805 Medium A MFD device does not have a mechanism to lock and prevent access to the hard drive.
V-6794 Medium A MFD or a printer is not configured to restrict jobs to those from print spoolers.
V-6778 Medium A MFD or a printer is not using a static IP address.
V-6801 Medium A MFD device, with scan to hard disk functionality used, is not configured to clear the hard disk between jobs.
V-6804 Medium Devices allow scan to SMTP (email).
V-6790 Low Print services for a MFD or printer are not restricted to Port 9100 and/or LPD (Port 515). Where both Windows and non-Windows clients need services from the same device, both Port 9100 and LPD can be enabled simultaneously.
V-6802 Low Scan to a file share is enabled but the file shares do not have the appropriate discretionary access control list in place.
V-6803 Low Fax from the network is enabled but auditing of user access and fax log is not enabled.
V-6799 Low The level of audit has not been established or the audit logs being collected for the devices and print spoolers are not being reviewed.
V-6798 Low Implementation of an MFD and printer security policy for the protection of classified information.