{
"stig": {
"date": "2019-10-07",
"description": "Multifunction Device and Network Printers (MFD) STIG includes the computing requirements for Multifunction Device and Network Printers operating to support the DoD. The Multifunction Device and Network Printers STIG must also be applied for each site using Multifunction Devices and Network Printers. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil.",
"findings": {
"V-6777": {
"checkid": "C-2941r2_chk",
"checktext": "The reviewer will verify the configuration settings in the MFD or Network Printer to ensure the only protocol enabled is TCP/IP.\n\nIf a protocol other than TCP/IP is enabled, this is a finding.",
"description": "The greater the number of protocols allowed active on the network the more vulnerabilities there will be available to be exploited. This also prevents accidental implementation of a \u201ccall-home\u201d feature that is not allowed.",
"fixid": "F-6430r2_fix",
"fixtext": "Configure the MFD or Network Printer to disable all protocols except TCP/IP.",
"iacontrols": null,
"id": "V-6777",
"ruleID": "SV-6999r2_rule",
"severity": "medium",
"title": "The MFD or Network Printer must not enable network protocols other than TCP/IP.",
"version": "MFD01.001"
},
"V-6779": {
"checkid": "C-2954r2_chk",
"checktext": "The reviewer will verify that a firewall or router rule blocks all ingress and egress traffic from the enclave perimeter to the MFD or Network Printer.\n\nIf a firewall or router does not block all ingress and egress traffic from the enclave perimeter to the MFD or Network Printer, this is a finding.",
"description": "Access to the MFD or printer from outside the enclave network could lead to a denial of service caused by a large number of large print files being sent to the device. Ability for the MFD or printer to access addresses outside the enclave network could lead to a compromise of sensitive data caused by forwarding a print file to a location outside of the enclave network. This also prevents accidental implementation of a \u201ccall-home\u201d feature that is not allowed.",
"fixid": "F-6432r2_fix",
"fixtext": "Configure a firewall or router rule to block all ingress and egress traffic from the enclave perimeter to the MFD or Network Printer.",
"iacontrols": null,
"id": "V-6779",
"ruleID": "SV-7001r2_rule",
"severity": "medium",
"title": "A firewall or router rule must block all ingress and egress traffic from the enclave perimeter to the MFD or Network Printer.",
"version": "MFD01.003"
},
"V-6780": {
"checkid": "C-2965r2_chk",
"checktext": "The reviewer will verify that the MFD or Network Printer are flash upgradeable and are configured to use the most current firmware available. \n\nEnsure any \u201ccall-home\u201d feature is disabled.\n\nIf the MFD or Network Printer is not flash upgradeable, this is a finding.\n\nIf the MFD or Network Printer is not configured with the most current firmware, this is a finding.\n\nIf the MFD or Network Printer has the \u201ccall-home\u201d feature enabled, this is a finding.",
"description": "MFD devices or printers utilizing old firmware can expose the network to known vulnerabilities leading to a denial of service or a compromise of sensitive data. While the MFD must use the most current firmware available, it must not use a \u201ccall-home\u201d feature that is not allowed.",
"fixid": "F-6433r2_fix",
"fixtext": "If the MFD or printer cannot be upgraded replace it.\n\nIf the MFD or printer can be upgraded but is not using the latest release of the firmware, upgrade the firmware.",
"iacontrols": null,
"id": "V-6780",
"ruleID": "SV-7002r2_rule",
"severity": "medium",
"title": "The MFD or Network Printer must employ the most current firmware available.",
"version": "MFD02.004"
},
"V-6781": {
"checkid": "C-2966r2_chk",
"checktext": "The reviewer will, with assistance from the SA, verify the default passwords and SNMP community strings of all management services have been replaced with complex passwords.",
"description": "There are many known vulnerabilities in the SNMP protocol and if the default community strings and passwords are not modified an unauthorized individual could gain control of the MFD or printer. This could lead to a denial of service or the compromise of sensitive data.\nThe SA will ensure the default passwords and SNMP community strings of all management services are replaced with complex passwords.\n",
"fixid": "F-6434r1_fix",
"fixtext": "Develop a plan to coordinate the modification of the default passwords and SNMP community strings of all management services replacing them with complex passwords. Obtain CM approval of the plan and execute the plan.",
"iacontrols": null,
"id": "V-6781",
"ruleID": "SV-7003r2_rule",
"severity": "high",
"title": "The default passwords and SNMP community strings of all management services have not been replaced with complex passwords.",
"version": "MFD02.001"
},
"V-6782": {
"checkid": "C-2968r2_chk",
"checktext": "The reviewer will verify the MFD or Network Printer maintains its configuration state after a power down or restart. Review the device documentation and/or confirm through demonstration to verify the MFD maintains configuration settings.\n\nIf the MFD or Network Printer does not maintain its configuration state, this is a finding.",
"description": "If the MFD does not maintain it state over a power down or restart, it will expose the network to all of the vulnerabilities that where mitigated by the modifications made to its configuration state. This also prevents accidental implementation of a \u201ccall-home\u201d feature that is not allowed.",
"fixid": "F-6435r2_fix",
"fixtext": "If the MFD or Network Printer cannot be configured to maintain state, then replace the MFD with a MFD that will maintain its configuration state (passwords, service settings, etc) after a power down or restart.",
"iacontrols": null,
"id": "V-6782",
"ruleID": "SV-7004r2_rule",
"severity": "high",
"title": "The MFD or Network Printer must maintain configuration state (e.g., passwords, service settings) after a power down or restart.",
"version": "MFD02.002"
},
"V-6783": {
"checkid": "C-2969r2_chk",
"checktext": "Verify that all management protocols are disabled unless approved by the organization's AO/ISSM.\n\nProtocols may be enabled temporarily if needed to upgrade firmware or configure the device, but must be disabled immediately when this activity is completed. HTTPS and SNMPv3 may be used but must be configured in accordance with the requirements of the Network Infrastructure STIG.\n\nIf management protocols other than HTTPS and SNMPv3 are enabled unnecessarily or without AO/ISSM approval, this is a finding.",
"description": "Unneeded protocols expose the device and the network to unnecessary vulnerabilities.",
"fixid": "F-6436r2_fix",
"fixtext": "Disable all management protocols except HTTPS and SNMPv3 unless approval has been granted by the organization's AO/ISSM.",
"iacontrols": [
"DCPP-1"
],
"id": "V-6783",
"ruleID": "SV-7005r2_rule",
"severity": "medium",
"title": "Management protocols, with the exception of HTTPS and SNMPv3, must be disabled at all times except when necessary.",
"version": "MFD02.003"
},
"V-6784": {
"checkid": "C-2984r1_chk",
"checktext": "The reviewer will, with the assistance of the SA, verify that the MFD or printer can only be remotely managed by SA or printer administrator from specific IPs (SA workstations and print spooler). Look for list that restricts the protocol used for administrative access to specific IP addresses.",
"description": "Since unrestricted access to the MFD or printer for management is not required the restricting the management interface to specific IP addresses decreases the exposure of the system to malicious actions. If the MFD or printer is compromised it could lead to a denial of service or a compromise of sensitive data.\nThe SA will ensure devices can only be remotely managed by SA\u2019s or printer administrators from specific IPs (SA workstations and print spooler).",
"fixid": "F-6447r1_fix",
"fixtext": "Restrict access to the MFD's or printer's management function to a specific set of IP addresses. If the device lacks this functionality use an ACL in a router, firewall or switch to restrict the access.",
"iacontrols": [
"DCBP-1"
],
"id": "V-6784",
"ruleID": "SV-7009r1_rule",
"severity": "high",
"title": "There is no restriction on where a MFD or a printer can be remotely managed.",
"version": "MFD02.005"
},
"V-6790": {
"checkid": "C-2994r1_chk",
"checktext": "The reviewer will, with the assistance of the SA, verify that the MFD or printer print services are restricted to LPD or port 9100.\n\nWhere both Windows and non-Windows clients need services from the same device, both Port 9100 and LPD can be enabled simultaneously.\n",
"description": "Printer services running on ports other than the known ports for printing cannot be monitored on the network and could lead to a denial of service it the invalid port is blocked by a network administrator responding to an alert from the IDS for traffic on an unauthorized port.",
"fixid": "F-6456r1_fix",
"fixtext": "Develop a plan to coordinate the reconfiguration of the printer servers and clients so that print services runs only on authorized ports. Obtain CM approval of the plan and implement the plan.",
"iacontrols": [
"DCBP-1"
],
"id": "V-6790",
"ruleID": "SV-7015r1_rule",
"severity": "low",
"title": "Print services for a MFD or printer are not restricted to Port 9100 and/or LPD (Port 515).\n\nWhere both Windows and non-Windows clients need services from the same device, both Port 9100 and LPD can be enabled simultaneously.\n",
"version": "MFD03.001"
},
"V-6794": {
"checkid": "C-2998r4_chk",
"checktext": "The reviewer will, with the assistance of the SA, verify that MFDs and printers are configured to restrict jobs only to print spoolers, not directly from users.\n\nIf print jobs are sent directly to the MFD or printer, this is a finding.\n\nIf direct wireless printing (e.g., AirPrint, Wi-Fi Direct, etc.), is enabled on the MFD or printer, this is a finding.",
"description": "If MFDs or printers are not restricted to accept print jobs only from print spoolers that authenticate the user and log the job, a denial of service can be created by the MFD or printer accepting one or more large print jobs from an unauthorized user.\n\nThe SA will ensure MFDs and printers are configured to restrict jobs only to print spoolers, not directly from users.\n\nMobile device print jobs must be sent to a print spooler, they must not be sent directly from a mobile device to a MFD or printer that supports direct wireless printing (e.g., AirPrint, Wi-Fi Direct, etc.).\n\nThe configuration is accomplished by restricting access, by IP, to those of the print spooler and SAs. If supported, IP restriction is accomplished on the device, or if not supported, by placing the device behind a firewall, switch or router with an appropriate discretionary access control list.\n",
"fixid": "F-6461r2_fix",
"fixtext": "Reconfigure the device to restrict access, by IP, to those of the print spoolers and SAs. If the device does not support this functionality, place the device behind a firewall, switch or router with an appropriate discretionary access control list. Disable direct wireless printing on the MFD or printer.",
"iacontrols": null,
"id": "V-6794",
"ruleID": "SV-7019r3_rule",
"severity": "medium",
"title": "A MFD or printer is not configured to restrict jobs to those from print spoolers.\n",
"version": "MFD04.001"
},
"V-6796": {
"checkid": "C-3002r1_chk",
"checktext": "The reviewer will, with the assistance of the SA, verify that the print spoolers are configured to restrict access to authorized users and restrict users to managing their own individual jobs.",
"description": "If unauthorized users are allowed access to the print spooler they can queue large print file creating a denial of service for other users. If users are not restricted to manipulating only files they created, they could create ad denial of service by changing the print order of existing files or deleting other users files.\nThe SA will ensure print spoolers are configured to restrict access to authorized user and restrict users to managing their own individual jobs.",
"fixid": "F-6463r1_fix",
"fixtext": "Configure the print spoolers to restrict access to authorized users and restrict users to managing their own individual jobs.",
"iacontrols": [
"ECAN-1",
"IAIA-1",
"IAIA-2"
],
"id": "V-6796",
"ruleID": "SV-7021r1_rule",
"severity": "medium",
"title": "Print spoolers are not configured to restrict access to authorized users and restrict users to managing their own individual jobs. ",
"version": "MFD05.001"
},
"V-6797": {
"checkid": "C-3005r1_chk",
"checktext": "The reviewer will, with the assistance of the SA, verify that devices and their spoolers have auditing fully enabled.",
"description": "Without auditing the identification and prosecution of an individual that performs malicious actions is difficult if not impossible.",
"fixid": "F-6465r1_fix",
"fixtext": "Configure the devices and their spoolers have auditing fully enabled.",
"iacontrols": [
"ECAR-1",
"ECAR-2",
"ECAR-3"
],
"id": "V-6797",
"ruleID": "SV-7022r1_rule",
"severity": "medium",
"title": "The devices and their spoolers do not have auditing enabled. ",
"version": "MFD06.001"
},
"V-6798": {
"checkid": "C-3006r3_chk",
"checktext": "Obtain and review the organization's MFD and printer security policy. If none is provided, this is a finding. If it does not prescribe the appropriate safeguards listed below, this is a finding.\nSafeguards to be listed in the organization's MFD and printer security policy;\na. Prevent unauthorized access to that information, including by repair or maintenance personnel.\nb. Ensure that repair procedures do not result in unauthorized dissemination of or access to classified information.\nc. Replace and destroy equipment parts in the appropriate manner when classified information cannot be removed.\nd. Ensure that appropriately knowledgeable, cleared personnel inspect equipment and associated media used to process classified information before the equipment is removed from protected areas to ensure there is no retained classified information.\ne. Ensure MFD and printers used to process classified information are certified and accredited in accordance with DoDD 8500.01E. \nf. Ensure that MFD and printers address issues concerning compromising emanations in accordance with DoDD 8500.01E.",
"description": "Department of Defense Manual 5200.01, \"Protection of Classified Information\" provides policy, assigns responsibilities, and provides procedures for the designation, marking, protection, and dissemination of controlled unclassified information (CUI) and classified information. DoDM 5200.01, Volume 3, Section 14 mandates that organizations identify equipment used for classified processing and develop security procedures to safeguard these devices. \n\nThis requires that each organization have an MFD and printer security policy that lists the following safeguards: \na. Prevent unauthorized access to that information, including by repair or maintenance personnel.\nb. Ensure that repair procedures do not result in unauthorized dissemination of or access to classified information.\nc. Replace and destroy equipment parts in the appropriate manner when classified information cannot be removed.\nd. Ensure that appropriately knowledgeable, cleared personnel inspect equipment and associated media used to process classified information before the equipment is removed from protected areas to ensure there is no retained classified information.\ne. Ensure MFD and printers used to process classified information are certified and accredited in accordance with DoDD 8500.01E. \nf. Ensure that MFD and printers address issues concerning compromising emanations in accordance with DoDD 8500.01E.",
"fixid": "F-6467r2_fix",
"fixtext": "Develop and implement an MFD and printer security policy consistent with DoDM 5200.01, Volume 3, Section 14.",
"iacontrols": [
"DCBP-1",
"ECAN-1",
"ECIC-1",
"IAIA-1",
"PECS-1",
"PECS-2",
"PEDD-1"
],
"id": "V-6798",
"ruleID": "SV-7023r3_rule",
"severity": "low",
"title": "Implementation of an MFD and printer security policy for the protection of classified information. ",
"version": "MFD06.002"
},
"V-6799": {
"checkid": "C-3009r2_chk",
"checktext": "Obtain and review the organization's MFD and printer security policy. If the level of auditing has not been established, this is a finding. If personnel have not been identified to regularly review MFD, printer, and print spooler logs, this is a finding.",
"description": "If inadequate information is captured in the audit, the identification and prosecution of malicious user will be very difficult. If the audits are not regularly reviewed suspicious activity may go undetected for a long time. Therefore, the level of auditing for MFDs, printers, and print spoolers must be defined and personnel identified to review the audit logs. ",
"fixid": "F-6470r2_fix",
"fixtext": "Define the level of auditing and identify personnel responsible for reviewing audit logs of MFDs, printers, and print spoolers.",
"iacontrols": [
"ECAR-1",
"ECAR-2",
"ECAR-3",
"ECAT-1",
"ECAT-2"
],
"id": "V-6799",
"ruleID": "SV-7024r2_rule",
"severity": "low",
"title": "The level of audit has not been established or the audit logs being collected for the devices and print spoolers are not being reviewed.",
"version": "MFD06.006"
},
"V-6800": {
"checkid": "C-3012r4_chk",
"checktext": "The reviewer will interview the IAO to verify that MFDs with print, copy, scan, or fax capabilities are prohibited on classified networks unless approved by the DAA.",
"description": "MFDs with print, copy, scan, or fax capabilities, if compromised, could lead to the compromise of classified data or the compromise of the network. The IAO will ensure MFDs with copy, scan, or fax capabilities are not allowed on classified networks unless approved by the DAA.",
"fixid": "F-6472r4_fix",
"fixtext": "Remove the MFD from the classified network until DAA approval is obtained.",
"iacontrols": [
"DCBP-1"
],
"id": "V-6800",
"ruleID": "SV-7025r2_rule",
"severity": "high",
"title": "MFDs with print, copy, scan, or fax capabilities must be prohibited on classified networks without the approval of the DAA.",
"version": "MFD07.001"
},
"V-6801": {
"checkid": "C-3016r1_chk",
"checktext": "The reviewer, with the assistance of the SA, verify the device is configured to clear the hard disk between jobs if scan to hard disk functionality is used.\n\nNote: This policy is a security-in-depth measure and applies to normal use. Thus, the clearing algorithm does not have to comply with DoD sanitization procedures. Proper sanitization using a DoD compliant procedure will be required only for final destruction/disposition. \n\nNote: This does not apply if PKI authenticated access and discretionary access controls (authorization controls) are used to protect the stored data. \n",
"description": "If the MFD is compromised the un-cleared, previously used, space on the hard disk drive can be read which can lead to a compromise of sensitive data.\nThe SA will ensure the device is configured to clear the hard disk between jobs if scan to hard disk functionality is used.",
"fixid": "F-6475r1_fix",
"fixtext": "Configured the MFD to clear the hard disk between jobs if scan to hard disk functionality is used.",
"iacontrols": [
"ECRC-1"
],
"id": "V-6801",
"ruleID": "SV-7026r1_rule",
"severity": "medium",
"title": "A MFD device, with scan to hard disk functionality used, is not configured to clear the hard disk between jobs.",
"version": "MFD07.002"
},
"V-6802": {
"checkid": "C-3017r1_chk",
"checktext": "The reviewer will, with the assistance of the SA, verify that file shares have the appropriate discretionary access control list in place if scan to a file share is enabled.",
"description": "Without appropriate discretionary access controls unauthorized individuals may read the scanned data. This can lead to a compromise of sensitive data.\nThe SA will ensure file shares have the appropriate discretionary access control list in place if scan to a file share is enabled.",
"fixid": "F-6476r1_fix",
"fixtext": "Create the appropriate discretionary access control list for file shares if scan to a file share is enabled.",
"iacontrols": null,
"id": "V-6802",
"ruleID": "SV-7027r1_rule",
"severity": "low",
"title": "Scan to a file share is enabled but the file shares do not have the appropriate discretionary access control list in place.",
"version": "MFD07.003"
},
"V-6803": {
"checkid": "C-3018r2_chk",
"checktext": "The reviewer will, with the assistance from the SA, verify auditing of user access and fax logging is enabled if fax from the network is enabled. If auditing of user access and fax logging is not enabled, this is a finding.",
"description": "Without auditing the originator and destination of a fax cannot be determined. Prosecuting of an individual who maliciously compromises sensitive data via a fax will be hindered without audits.\n\nThe SA will ensure auditing of user access and fax logging is enabled if fax from the network is enabled.",
"fixid": "F-6477r2_fix",
"fixtext": "Configure the MFD to audit faxing. If this is not possible, disable the fax functionality and disconnect the phone line from the MFD.",
"iacontrols": null,
"id": "V-6803",
"ruleID": "SV-7028r2_rule",
"severity": "low",
"title": "Auditing of user access and fax logs must be enabled when fax from the network is enabled.",
"version": "MFD07.004"
},
"V-6804": {
"checkid": "C-3019r2_chk",
"checktext": "The reviewer will, with the assistance from the SA, verify devices do not allow scan to SMTP. If scan to SMTP is enabled on the MFD, this is a finding.\n\nNote: With AO approval, strict usage policies, and user training, MFD scan to SMTP (email) is allowed if CAC/PKI authentication is implemented on the MFD. There must be a method implemented for non-repudiation and authenticated access. A USB/flash drive/thumb drive or any removable storage capability will not be installed.",
"description": "The SMTP engines found on the MFDs reviewed when writing the MFD STIG did not have robust enough security features supporting scan to email. Because of the lack of robust security, scan to email will be disabled on MFD devices. Failure to disable this feature could lead to an untraceable and possibly undetectable compromise of sensitive data.\n\nThe SA will ensure MFDs do not allow scan to SMTP.",
"fixid": "F-6478r1_fix",
"fixtext": "Disable the scan to SMTP (email) feature on all MFDs.",
"iacontrols": null,
"id": "V-6804",
"ruleID": "SV-7029r2_rule",
"severity": "medium",
"title": "MFDs must not allow scan to SMTP (email).",
"version": "MFD07.005"
},
"V-6805": {
"checkid": "C-3020r1_chk",
"checktext": "The reviewer will, with the assistance of the SA, verify that the device has a mechanism to lock and prevent access to the hard disk.\n\nWhat we are looking for here is a locking mechanism with a key securing the hard drive or the case access to the hard drive. The lock will be locked or this is a finding.\n\nNote: This is not required if physical security measures are in place, if the drive is not easily removable, if drive is encrypted, or if there is zeroization or other strong protection mechanism.",
"description": "If the hard disk drive of a MFD can be removed from the MFD the data on the drive can be recovered and read. This can lead to a compromise of sensitive data.\n\nThe IAO will ensure the device has a mechanism to lock and prevent access to the hard disk.",
"fixid": "F-6479r1_fix",
"fixtext": "If the lock is not locked, lock it.\n\nIf there is no lock see if the vendor makes one and if so acquire it an lock the drive.\nIf the vendor does not supply a lock, acquire an aftermarket lock that will secure the drive so that it cannot be accessed. Even a drive that cannot be removed but the connectors can be removed is vulnerable.\n",
"iacontrols": [
"PECF-1",
"PECF-2"
],
"id": "V-6805",
"ruleID": "SV-7030r1_rule",
"severity": "medium",
"title": "A MFD device does not have a mechanism to lock and prevent access to the hard drive.",
"version": "MFD08.001"
},
"V-6806": {
"checkid": "C-3021r1_chk",
"checktext": "The reviewer will, with the assistance of the SA, verify that the device is configured to prevent non-printer administrators from altering the global configuration of the device.",
"description": "If unauthorized users can alter the global configuration of the MFD they can remove all security. This can lead to the compromise of sensitive data or the compromise of the network the MFD is attached to.",
"fixid": "F-6480r1_fix",
"fixtext": "Configured the device to prevent non-printer administrators from altering the global configuration of the device. If the device cannot be configured in this manner, replace the device with one that can be configured in an acceptable manner.",
"iacontrols": null,
"id": "V-6806",
"ruleID": "SV-7031r1_rule",
"severity": "high",
"title": "The device is not configured to prevent non-printer administrators from altering the global configuration of the device.",
"version": "MFD08.002"
},
"V-97711": {
"checkid": "C-96545r1_chk",
"checktext": "Determine if the network device prohibits the use of all unnecessary and/or nonsecure functions, ports, protocols, and/or services. This includes hardware ports such as USB ports. \n\nIf any unnecessary or nonsecure functions, ports, protocols and/or services are permitted, this is a finding.\n",
"description": "In order to prevent unauthorized connection of devices, unauthorized transfer of information, or unauthorized tunneling (i.e., embedding of data types within data types), organizations must disable unused or unnecessary physical and logical ports/protocols on information systems.\n\nMFDs are capable of providing a wide variety of functions and services. Some of the functions and services provided by default may not be necessary to support essential organizational operations. Additionally, it is sometimes convenient to provide multiple services from a single component (e.g., email and web services); however, doing so increases risk over limiting the services provided by any one component. \n\nTo support the requirements and principles of least functionality, the MFD must support the organizational requirements providing only essential capabilities and limiting the use of ports, protocols, and/or services to only those required, authorized, and approved. Some network devices have capabilities enabled by default; if these capabilities are not necessary, they must be disabled. If a particular capability is used, then it must be documented and approved.",
"fixid": "F-103387r1_fix",
"fixtext": "Configure the MFD to prohibit the use of all unnecessary and/or nonsecure functions, ports, protocols, and/or services. This included hardware ports, for example USB ports.",
"iacontrols": null,
"id": "V-97711",
"ruleID": "SV-106815r1_rule",
"severity": "medium",
"title": "The MFD must be configured to prohibit the use of all unnecessary and/or nonsecure functions, physical and logical ports, protocols, and/or services.",
"version": "MFD03.002"
}
},
"profiles": {
"MAC-1_Classified": {
"description": "",
"findings": {
"V-6777": "true",
"V-6779": "true",
"V-6780": "true",
"V-6781": "true",
"V-6782": "true",
"V-6783": "true",
"V-6784": "true",
"V-6790": "true",
"V-6794": "true",
"V-6796": "true",
"V-6797": "true",
"V-6798": "true",
"V-6799": "true",
"V-6800": "true",
"V-6801": "true",
"V-6802": "true",
"V-6803": "true",
"V-6804": "true",
"V-6805": "true",
"V-6806": "true",
"V-97711": "true"
},
"id": "MAC-1_Classified",
"title": "I - Mission Critical Classified"
},
"MAC-1_Public": {
"description": "",
"findings": {
"V-6777": "true",
"V-6779": "true",
"V-6780": "true",
"V-6782": "true",
"V-6783": "true",
"V-6784": "true",
"V-6790": "true",
"V-6794": "true",
"V-6797": "true",
"V-6798": "true",
"V-6799": "true",
"V-6800": "true",
"V-6803": "true",
"V-6804": "true",
"V-97711": "true"
},
"id": "MAC-1_Public",
"title": "I - Mission Critical Public"
},
"MAC-1_Sensitive": {
"description": "",
"findings": {
"V-6777": "true",
"V-6779": "true",
"V-6780": "true",
"V-6781": "true",
"V-6782": "true",
"V-6783": "true",
"V-6784": "true",
"V-6790": "true",
"V-6794": "true",
"V-6796": "true",
"V-6797": "true",
"V-6798": "true",
"V-6799": "true",
"V-6800": "true",
"V-6801": "true",
"V-6802": "true",
"V-6803": "true",
"V-6804": "true",
"V-6805": "true",
"V-6806": "true",
"V-97711": "true"
},
"id": "MAC-1_Sensitive",
"title": "I - Mission Critical Sensitive"
},
"MAC-2_Classified": {
"description": "",
"findings": {
"V-6777": "true",
"V-6779": "true",
"V-6780": "true",
"V-6781": "true",
"V-6782": "true",
"V-6783": "true",
"V-6784": "true",
"V-6790": "true",
"V-6794": "true",
"V-6796": "true",
"V-6797": "true",
"V-6798": "true",
"V-6799": "true",
"V-6800": "true",
"V-6801": "true",
"V-6802": "true",
"V-6803": "true",
"V-6804": "true",
"V-6805": "true",
"V-6806": "true",
"V-97711": "true"
},
"id": "MAC-2_Classified",
"title": "II - Mission Support Classified"
},
"MAC-2_Public": {
"description": "",
"findings": {
"V-6777": "true",
"V-6779": "true",
"V-6780": "true",
"V-6782": "true",
"V-6783": "true",
"V-6784": "true",
"V-6790": "true",
"V-6794": "true",
"V-6797": "true",
"V-6798": "true",
"V-6799": "true",
"V-6800": "true",
"V-6803": "true",
"V-6804": "true",
"V-97711": "true"
},
"id": "MAC-2_Public",
"title": "II - Mission Support Public"
},
"MAC-2_Sensitive": {
"description": "",
"findings": {
"V-6777": "true",
"V-6779": "true",
"V-6780": "true",
"V-6781": "true",
"V-6782": "true",
"V-6783": "true",
"V-6784": "true",
"V-6790": "true",
"V-6794": "true",
"V-6796": "true",
"V-6797": "true",
"V-6798": "true",
"V-6799": "true",
"V-6800": "true",
"V-6801": "true",
"V-6802": "true",
"V-6803": "true",
"V-6804": "true",
"V-6805": "true",
"V-6806": "true",
"V-97711": "true"
},
"id": "MAC-2_Sensitive",
"title": "II - Mission Support Sensitive"
},
"MAC-3_Classified": {
"description": "",
"findings": {
"V-6777": "true",
"V-6779": "true",
"V-6780": "true",
"V-6781": "true",
"V-6782": "true",
"V-6783": "true",
"V-6784": "true",
"V-6790": "true",
"V-6794": "true",
"V-6796": "true",
"V-6797": "true",
"V-6798": "true",
"V-6799": "true",
"V-6800": "true",
"V-6801": "true",
"V-6802": "true",
"V-6803": "true",
"V-6804": "true",
"V-6805": "true",
"V-6806": "true",
"V-97711": "true"
},
"id": "MAC-3_Classified",
"title": "III - Administrative Classified"
},
"MAC-3_Public": {
"description": "",
"findings": {
"V-6777": "true",
"V-6779": "true",
"V-6780": "true",
"V-6782": "true",
"V-6783": "true",
"V-6784": "true",
"V-6790": "true",
"V-6794": "true",
"V-6797": "true",
"V-6798": "true",
"V-6799": "true",
"V-6800": "true",
"V-6803": "true",
"V-6804": "true",
"V-97711": "true"
},
"id": "MAC-3_Public",
"title": "III - Administrative Public"
},
"MAC-3_Sensitive": {
"description": "",
"findings": {
"V-6777": "true",
"V-6779": "true",
"V-6780": "true",
"V-6781": "true",
"V-6782": "true",
"V-6783": "true",
"V-6784": "true",
"V-6790": "true",
"V-6794": "true",
"V-6796": "true",
"V-6797": "true",
"V-6798": "true",
"V-6799": "true",
"V-6800": "true",
"V-6801": "true",
"V-6802": "true",
"V-6803": "true",
"V-6804": "true",
"V-6805": "true",
"V-6806": "true",
"V-97711": "true"
},
"id": "MAC-3_Sensitive",
"title": "III - Administrative Sensitive"
}
},
"slug": "multifunction_device_and_network_printers",
"title": "Multifunction Device and Network Printers STIG",
"version": "2"
}
}