UCF STIG Viewer Logo

Classified Reproduction - SIPRNet Connected Classified Multi-Functional Devices (MFD) located in Space Not Approved for Collateral Classified Open Storage.


Overview

Finding ID Version Rule ID IA Controls Severity
V-32008 IS-10.01.01 SV-42324r2_rule PESP-1 PESS-1 High
Description
Classified Multi-Functional Devices (MFD) include copiers and contain hard drives that maintain classified data or images. Failure to locate these devices in spaces approved for classified open storage could enable uncleared persons to access classified information, either from unsanitized hard drives or from printed/copied material that is left unattended on the machine for any period of time.
STIG Date
Traditional Security 2013-07-11

Details

Check Text ( C-40655r9_chk )
This check concerns multi-functional devices(MFD)(connected to the SIPRNet)that are used for reproduction (copying) of classified DOCUMENTS.

Checks:

1. Unless the copier can be properly purged of all classified data or images after each use for classified - it must be housed in an area approved for open storage of classified material. Most current copiers and multi-functional devices (MFD) contain hard drives that collect and store images and data. Therefore check to ensure that such machines are mantained in space approved for open storage of classified (secret or higher for SIPRNet). (CAT I)

2. If not maintained within a secret or higher open storage area: Check that MFD/copiers that can be (AND are) properly purged of classified data or images after each period of copying classified and are maintained in space where access is controlled to at least the level of the classified material authorized to be copied on the machine. This type of area is referred to as a Controlled Access Area (CAA). Check that document procedures are on hand to support this process. (CAT II)

3. If not within a secret or higher open storage area: Check to ensure the machine is located in a secret or higher CAA and as an alternative to purging the hard drive it (the hard drive) is promptly removed after each use and stored in an approved safe. Check that document procedures are on hand to support this process. (CAT III)

Despite the mitigations cited in checks 2 and 3 above, a CAT II or III finding is still necessary due to the risk that the procedure will not be accomplished promptly or successfully each time and that the risk for printed or copied classified documents to be left unattended for periods of time in the machines still exists.

TACTICAL ENVIRONMENT: This check is applicable in a fixed operational facility in a tactical environment if classified equipment is used or documents or media are created/extracted from the SIPRNet. The only exception will be for urgent (short term) tactical operations or other contingency situations where fixed facilities and equipment are not yet present or incapable of being used.
Fix Text (F-35957r4_fix)
This Potential Vulnerability concerns multi-functional devices (MFD)devices (connected to the SIPRNet)that are used for reproduction (copying) of classified DOCUMENTS.

1. Unless the MFD/copier can be properly purged of all classified data or images after each use for classified - it must be housed in an area approved for open storage of classified material. Most current copiers and multi-functional devices (MFD) contain hard drives that collect and store images and data. Therefore these machines must be mantained in space approved for open storage of classified (secret or higher for SIPRNet).

2. If not within a secret or higher open storage area: Copiers/MFD must be properly purged of classified data or images after each period of copying classified and be maintained in space where access is controlled to at least the level of the classified material authorized to be copied on the machine. This type of area is referred to as a Controlled Access Area (CAA). Documented procedures must be on-hand for this process.

3. If not within a secret or higher open storage area: The MFD/copier machine must be located in a secret or higher CAA and as an alternative to purging the hard drive it (the hard drive) must be promptly removed after each use and stored in an approved safe. Also must be documented procedures on-hand for this process.

Despite the mitigations in checks 2 and 3 above, there is still a concern that the procedure will not be accomplished promptly or successfully each time and that the risk for printed or copied classified documents to be left unattended for periods of time in the machines still exists.