Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-6801 | MFD07.002 | SV-7026r1_rule | ECRC-1 | Medium |
Description |
---|
If the MFD is compromised the un-cleared, previously used, space on the hard disk drive can be read which can lead to a compromise of sensitive data. The SA will ensure the device is configured to clear the hard disk between jobs if scan to hard disk functionality is used. |
STIG | Date |
---|---|
Multifunction Device and Network Printers STIG | 2019-10-07 |
Check Text ( C-3016r1_chk ) |
---|
The reviewer, with the assistance of the SA, verify the device is configured to clear the hard disk between jobs if scan to hard disk functionality is used. Note: This policy is a security-in-depth measure and applies to normal use. Thus, the clearing algorithm does not have to comply with DoD sanitization procedures. Proper sanitization using a DoD compliant procedure will be required only for final destruction/disposition. Note: This does not apply if PKI authenticated access and discretionary access controls (authorization controls) are used to protect the stored data. |
Fix Text (F-6475r1_fix) |
---|
Configured the MFD to clear the hard disk between jobs if scan to hard disk functionality is used. |