UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Multifunction Device and Network Printers STIG


Overview

Date Finding Count (21)
2019-10-07 CAT I (High): 5 CAT II (Med): 11 CAT III (Low): 5
STIG Description
Multifunction Device and Network Printers (MFD) STIG includes the computing requirements for Multifunction Device and Network Printers operating to support the DoD. The Multifunction Device and Network Printers STIG must also be applied for each site using Multifunction Devices and Network Printers. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil.

Available Profiles



Findings (MAC II - Mission Support Sensitive)

Finding ID Severity Title
V-6781 High The default passwords and SNMP community strings of all management services have not been replaced with complex passwords.
V-6782 High The MFD or Network Printer must maintain configuration state (e.g., passwords, service settings) after a power down or restart.
V-6784 High There is no restriction on where a MFD or a printer can be remotely managed.
V-6806 High The device is not configured to prevent non-printer administrators from altering the global configuration of the device.
V-6800 High MFDs with print, copy, scan, or fax capabilities must be prohibited on classified networks without the approval of the DAA.
V-6779 Medium A firewall or router rule must block all ingress and egress traffic from the enclave perimeter to the MFD or Network Printer.
V-6796 Medium Print spoolers are not configured to restrict access to authorized users and restrict users to managing their own individual jobs.
V-6780 Medium The MFD or Network Printer must employ the most current firmware available.
V-6783 Medium Management protocols, with the exception of HTTPS and SNMPv3, must be disabled at all times except when necessary.
V-6777 Medium The MFD or Network Printer must not enable network protocols other than TCP/IP.
V-97711 Medium The MFD must be configured to prohibit the use of all unnecessary and/or nonsecure functions, physical and logical ports, protocols, and/or services.
V-6797 Medium The devices and their spoolers do not have auditing enabled.
V-6805 Medium A MFD device does not have a mechanism to lock and prevent access to the hard drive.
V-6794 Medium A MFD or printer is not configured to restrict jobs to those from print spoolers.
V-6801 Medium A MFD device, with scan to hard disk functionality used, is not configured to clear the hard disk between jobs.
V-6804 Medium MFDs must not allow scan to SMTP (email).
V-6790 Low Print services for a MFD or printer are not restricted to Port 9100 and/or LPD (Port 515). Where both Windows and non-Windows clients need services from the same device, both Port 9100 and LPD can be enabled simultaneously.
V-6803 Low Auditing of user access and fax logs must be enabled when fax from the network is enabled.
V-6802 Low Scan to a file share is enabled but the file shares do not have the appropriate discretionary access control list in place.
V-6799 Low The level of audit has not been established or the audit logs being collected for the devices and print spoolers are not being reviewed.
V-6798 Low Implementation of an MFD and printer security policy for the protection of classified information.