UCF STIG Viewer Logo

Multifunction Device and Network Printers STIG


Overview

Date Finding Count (15)
2019-10-07 CAT I (High): 3 CAT II (Med): 8 CAT III (Low): 4
STIG Description
Multifunction Device and Network Printers (MFD) STIG includes the computing requirements for Multifunction Device and Network Printers operating to support the DoD. The Multifunction Device and Network Printers STIG must also be applied for each site using Multifunction Devices and Network Printers. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil.

Available Profiles



Findings (MAC III - Administrative Public)

Finding ID Severity Title
V-6782 High The MFD or Network Printer must maintain configuration state (e.g., passwords, service settings) after a power down or restart.
V-6784 High There is no restriction on where a MFD or a printer can be remotely managed.
V-6800 High MFDs with print, copy, scan, or fax capabilities must be prohibited on classified networks without the approval of the DAA.
V-6779 Medium A firewall or router rule must block all ingress and egress traffic from the enclave perimeter to the MFD or Network Printer.
V-6780 Medium The MFD or Network Printer must employ the most current firmware available.
V-6783 Medium Management protocols, with the exception of HTTPS and SNMPv3, must be disabled at all times except when necessary.
V-97711 Medium The MFD must be configured to prohibit the use of all unnecessary and/or nonsecure functions, physical and logical ports, protocols, and/or services.
V-6797 Medium The devices and their spoolers do not have auditing enabled.
V-6794 Medium A MFD or printer is not configured to restrict jobs to those from print spoolers.
V-6777 Medium The MFD or Network Printer must not enable network protocols other than TCP/IP.
V-6804 Medium MFDs must not allow scan to SMTP (email).
V-6790 Low Print services for a MFD or printer are not restricted to Port 9100 and/or LPD (Port 515). Where both Windows and non-Windows clients need services from the same device, both Port 9100 and LPD can be enabled simultaneously.
V-6803 Low Auditing of user access and fax logs must be enabled when fax from the network is enabled.
V-6799 Low The level of audit has not been established or the audit logs being collected for the devices and print spoolers are not being reviewed.
V-6798 Low Implementation of an MFD and printer security policy for the protection of classified information.