There is no restriction on where a MFD or a printer can be remotely managed.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-6784	MFD02.005	SV-7009r1_rule	DCBP-1	High

Description
Since unrestricted access to the MFD or printer for management is not required the restricting the management interface to specific IP addresses decreases the exposure of the system to malicious actions. If the MFD or printer is compromised it could lead to a denial of service or a compromise of sensitive data. The SA will ensure devices can only be remotely managed by SA’s or printer administrators from specific IPs (SA workstations and print spooler).

Description

Since unrestricted access to the MFD or printer for management is not required the restricting the management interface to specific IP addresses decreases the exposure of the system to malicious actions. If the MFD or printer is compromised it could lead to a denial of service or a compromise of sensitive data. The SA will ensure devices can only be remotely managed by SA’s or printer administrators from specific IPs (SA workstations and print spooler).

STIG	Date
Multifunction Device and Network Printers STIG	2019-10-07

Details

Check Text ( C-2984r1_chk )
The reviewer will, with the assistance of the SA, verify that the MFD or printer can only be remotely managed by SA or printer administrator from specific IPs (SA workstations and print spooler). Look for list that restricts the protocol used for administrative access to specific IP addresses.

Fix Text (F-6447r1_fix)
Restrict access to the MFD's or printer's management function to a specific set of IP addresses. If the device lacks this functionality use an ACL in a router, firewall or switch to restrict the access.