Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-6799 | MFD06.006 | SV-7024r2_rule | ECAR-1 ECAR-2 ECAR-3 ECAT-1 ECAT-2 | Low |
Description |
---|
If inadequate information is captured in the audit, the identification and prosecution of malicious user will be very difficult. If the audits are not regularly reviewed suspicious activity may go undetected for a long time. Therefore, the level of auditing for MFDs, printers, and print spoolers must be defined and personnel identified to review the audit logs. |
STIG | Date |
---|---|
Multifunction Device and Network Printers STIG | 2018-09-18 |
Check Text ( C-3009r2_chk ) |
---|
Obtain and review the organization's MFD and printer security policy. If the level of auditing has not been established, this is a finding. If personnel have not been identified to regularly review MFD, printer, and print spooler logs, this is a finding. |
Fix Text (F-6470r2_fix) |
---|
Define the level of auditing and identify personnel responsible for reviewing audit logs of MFDs, printers, and print spoolers. |