Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-6794 | MFD04.001 | SV-7019r1_rule | DCBP-1 | Medium |
Description |
---|
If MFDs or printers are not restricted to only accepting print jobs from print spoolers that authenticate the user and log the job, a denial of service can be created by the MFD or printer accepting one or more large print jobs from an unauthorized user. The SA will ensure MFDs and printers are configured to restrict jobs to only print spoolers, not directly from users. The configuration is accomplished by restricting access, by IP, to those of the print spooler and SAs. If supported, IP restriction is accomplished on the device, or if not supported, by placing the device behind a firewall, switch or router with an appropriate discretionary access control list. |
STIG | Date |
---|---|
Multifunction Device and Network Printers STIG | 2015-04-02 |
Check Text ( C-2998r1_chk ) |
---|
The reviewer will, with the assistance of the SA, verify that MFDs and printers are configured to restrict jobs to only print spoolers, not directly from users. The configuration is accomplished by restricting access, by IP, to those of the print spoolers and SAs. If supported, IP restriction is accomplished on the device or if not supported, by placing the device behind a firewall, switch or router with an appropriate discretionary access control list. |
Fix Text (F-6461r1_fix) |
---|
Reconfigure the device to restrict access, by IP, to those of the print spoolers and SAs. If the device does not support this functionality, place the device behind a firewall, switch or router with an appropriate discretionary access control list. |