Auditing of user access and fax logs must be enabled when fax from the network is enabled.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-6803 | MFD07.004 | SV-7028r2_rule | Low |
| Description |
|---|
| Without auditing the originator and destination of a fax cannot be determined. Prosecuting of an individual who maliciously compromises sensitive data via a fax will be hindered without audits. The SA will ensure auditing of user access and fax logging is enabled if fax from the network is enabled. |
| STIG | Date |
|---|---|
| Multifunction Device and Network Printers STIG | 2019-10-07 |
Details
| Check Text ( C-3018r2_chk ) |
|---|
| The reviewer will, with the assistance from the SA, verify auditing of user access and fax logging is enabled if fax from the network is enabled. If auditing of user access and fax logging is not enabled, this is a finding. |
| Fix Text (F-6477r2_fix) |
|---|
| Configure the MFD to audit faxing. If this is not possible, disable the fax functionality and disconnect the phone line from the MFD. |