Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
A MFD device, with scan to hard disk functionality used, is not configured to clear the hard disk between jobs.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-6801 | MFD07.002 | SV-7026r1_rule | ECRC-1 | Medium |
| Description |
|---|
| If the MFD is compromised the un-cleared, previously used, space on the hard disk drive can be read which can lead to a compromise of sensitive data. The SA will ensure the device is configured to clear the hard disk between jobs if scan to hard disk functionality is used. |
| STIG | Date |
|---|---|
| Multifunction Device and Network Printers STIG | 2018-09-18 |
Details
| Check Text ( C-3016r1_chk ) |
|---|
| The reviewer, with the assistance of the SA, verify the device is configured to clear the hard disk between jobs if scan to hard disk functionality is used. Note: This policy is a security-in-depth measure and applies to normal use. Thus, the clearing algorithm does not have to comply with DoD sanitization procedures. Proper sanitization using a DoD compliant procedure will be required only for final destruction/disposition. Note: This does not apply if PKI authenticated access and discretionary access controls (authorization controls) are used to protect the stored data. |
| Fix Text (F-6475r1_fix) |
|---|
| Configured the MFD to clear the hard disk between jobs if scan to hard disk functionality is used. |