A firewall or router rule must block all ingress and egress traffic from the enclave perimeter to the MFD or Network Printer.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-6779	MFD01.003	SV-7001r2_rule		Medium

Description
Access to the MFD or printer from outside the enclave network could lead to a denial of service caused by a large number of large print files being sent to the device. Ability for the MFD or printer to access addresses outside the enclave network could lead to a compromise of sensitive data caused by forwarding a print file to a location outside of the enclave network. This also prevents accidental implementation of a “call-home” feature that is not allowed.

Description

Access to the MFD or printer from outside the enclave network could lead to a denial of service caused by a large number of large print files being sent to the device. Ability for the MFD or printer to access addresses outside the enclave network could lead to a compromise of sensitive data caused by forwarding a print file to a location outside of the enclave network. This also prevents accidental implementation of a “call-home” feature that is not allowed.

STIG	Date
Multifunction Device and Network Printers STIG	2019-10-07

Details

Check Text ( C-2954r2_chk )
The reviewer will verify that a firewall or router rule blocks all ingress and egress traffic from the enclave perimeter to the MFD or Network Printer. If a firewall or router does not block all ingress and egress traffic from the enclave perimeter to the MFD or Network Printer, this is a finding.

Fix Text (F-6432r2_fix)
Configure a firewall or router rule to block all ingress and egress traffic from the enclave perimeter to the MFD or Network Printer.