UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Multifunction Device and Network Printers STIG


Overview

Date Finding Count (15)
2015-12-18 CAT I (High): 3 CAT II (Med): 8 CAT III (Low): 4
STIG Description
Multifunction Device and Network Printers (MFD) STIG includes the computing requirements for Multifunction Device and Network Printers operating to support the DoD. The Multifunction Device and Network Printers STIG must also be applied for each site using Multifunction Devices and Network Printers. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil.

Available Profiles



Findings (MAC II - Mission Support Public)

Finding ID Severity Title
V-6782 High The MFD does not maintain its configuration state (passwords, service settings etc) after a power down or reboot.
V-6784 High There is no restriction on where a MFD or a printer can be remotely managed.
V-6800 High MFDs with print, copy, scan, or fax capabilities must be prohibited on classified networks without the approval of the DAA.
V-6779 Medium A firewall or router rule is not used to block all ingress and egress traffic from the enclave perimeter to the MFD or printer.
V-6780 Medium A MFD or a printer device is not flash upgradeable or is not configured to use the most current firmware available.
V-6783 Medium Management protocols, with the exception of HTTPS and SNMPv3, must be disabled at all times except when necessary.
V-6797 Medium The devices and their spoolers do not have auditing enabled.
V-6778 Medium A MFD or a printer is not using a static IP address.
V-6794 Medium A MFD or printer is not configured to restrict jobs to those from print spoolers.
V-6777 Medium A network protocol other than TCP/IP is enabled on a MFD or printer.
V-6804 Medium MFDs must not allow scan to SMTP (email).
V-6790 Low Print services for a MFD or printer are not restricted to Port 9100 and/or LPD (Port 515). Where both Windows and non-Windows clients need services from the same device, both Port 9100 and LPD can be enabled simultaneously.
V-6803 Low Auditing of user access and fax logs must be enabled when fax from the network is enabled.
V-6799 Low The level of audit has not been established or the audit logs being collected for the devices and print spoolers are not being reviewed.
V-6798 Low Implementation of an MFD and printer security policy for the protection of classified information.