UCF STIG Viewer Logo

A MFD device, with scan to hard disk functionality used, is not configured to clear the hard disk between jobs.


Overview

Finding ID Version Rule ID IA Controls Severity
V-6801 MFD07.002 SV-7026r1_rule ECRC-1 Medium
Description
If the MFD is compromised the un-cleared, previously used, space on the hard disk drive can be read which can lead to a compromise of sensitive data. The SA will ensure the device is configured to clear the hard disk between jobs if scan to hard disk functionality is used.
STIG Date
Multifunction Device and Network Printers STIG 2019-10-07

Details

Check Text ( C-3016r1_chk )
The reviewer, with the assistance of the SA, verify the device is configured to clear the hard disk between jobs if scan to hard disk functionality is used.

Note: This policy is a security-in-depth measure and applies to normal use. Thus, the clearing algorithm does not have to comply with DoD sanitization procedures. Proper sanitization using a DoD compliant procedure will be required only for final destruction/disposition.

Note: This does not apply if PKI authenticated access and discretionary access controls (authorization controls) are used to protect the stored data.
Fix Text (F-6475r1_fix)
Configured the MFD to clear the hard disk between jobs if scan to hard disk functionality is used.