UCF STIG Viewer Logo

The level of audit has not been established or the audit logs being collected for the devices and print spoolers are not being reviewed.


Overview

Finding ID Version Rule ID IA Controls Severity
V-6799 MFD06.006 SV-7024r2_rule ECAR-1 ECAR-2 ECAR-3 ECAT-1 ECAT-2 Low
Description
If inadequate information is captured in the audit, the identification and prosecution of malicious user will be very difficult. If the audits are not regularly reviewed suspicious activity may go undetected for a long time. Therefore, the level of auditing for MFDs, printers, and print spoolers must be defined and personnel identified to review the audit logs.
STIG Date
Multifunction Device and Network Printers STIG 2019-10-07

Details

Check Text ( C-3009r2_chk )
Obtain and review the organization's MFD and printer security policy. If the level of auditing has not been established, this is a finding. If personnel have not been identified to regularly review MFD, printer, and print spooler logs, this is a finding.
Fix Text (F-6470r2_fix)
Define the level of auditing and identify personnel responsible for reviewing audit logs of MFDs, printers, and print spoolers.