STIGQter: STIG Summary: Traditional Security Checklist Version: 1 Release: 3 Benchmark Date: 15 Jun 2020

Classified Reproduction - Written Procedures for SIPRNet Connected Classified Multi-Functional Devices (MFD) located in Space Not Approved for Collateral Classified Open Storage. NOTE: This STIG Rule (AKA: Vulnerability (Vul)) concerns only PROCEDURES for the reproduction (printing, copying, scanning, faxing) of classified documents on Multi-Functional Devices (MFD) connected to the DoDIN.

DISA Rule

SV-42294r3_rule

Vulnerability Number

V-31995

Group Title

Classified Reproduction - Written Procedures for SIPRNet Connected MFD

Rule Version

IS-10.03.01

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Classified Reproduction - Document Copying using Multi-Functional Device (MFD) machines (i.e., printer, copier, fax, scanner) connected to SIPRNet. This STIG Check concerns ONLY PROCEDURES for the reproduction of classified DOCUMENTS on Multi-Functional Devices (MFD) connected to the DoDIN.

General guidance: Paper copies, electronic files, and other material containing classified information shall be reproduced only when necessary for accomplishing the organization’s mission or for complying with applicable statutes or Directives. Personnel reproducing classified information must be knowledgeable of the procedures for classified reproduction and aware of the risks involved with the specific reproduction equipment being used and the appropriate countermeasures they are required to take. Reproduced material is to be placed under the same accountability and control requirements as applied to the original material.

Classified material is to be reproduced only on approved and, when applicable, properly accredited systems.

Ensure:

1. Procedures for the proper reproduction of classified documents are posted on or near the MFD approved for classified reproduction. This is especially true when the MFD is capable of directly making copies of documents on the machine. The procedures must alert users when the particular MFD is approved for classified reproduction.

2. Other MFD (used as copiers) in the organization that are not approved for classified document reproduction must also be marked to alert users of the prohibition against making classified copies.

3. Procedures posted near the MFD must contain steps for users to take after printing, copying, scanning or faxing classified documents. Steps must include double checking of the MFD for missed pages, counting original and copied pages, purging of images (if applicable), use of cover sheets, and general protection/control guidelines for reproduced documents.

NOTE: Most MFD contain both hard drives (non-volatile memory) and volatile memory and cannot be properly sanitized of classified data or images to make the MFD unclassified. Therefore, most (if not all) classified MFD should be housed and operated within space approved for collateral classified open storage. If not maintained in spaces approved for classified open storage, all MFD with non-volatile memory that are used for classified reproduction must be under the continuous observation and control of a cleared person AT ALL TIMES.

Check Contents

Classified Reproduction - Document Copying using Multi-Functional Device (MFD) machines (i.e., printer, copier, fax, scanner) connected to SIPRNet. This STIG Check concerns ONLY PROCEDURES for the reproduction of classified DOCUMENTS on Multi-Functional Devices (MFD) connected to the DoDIN.

General guidance: Paper copies, electronic files, and other material containing classified information shall be reproduced only when necessary for accomplishing the organization’s mission or for complying with applicable statutes or Directives. Personnel reproducing classified information must be knowledgeable of the procedures for classified reproduction and aware of the risks involved with the specific reproduction equipment being used and the appropriate countermeasures they are required to take. Reproduced material is to be placed under the same accountability and control requirements as applied to the original material.

Classified material is to be reproduced only on approved and, when applicable, properly accredited systems.

Check to ensure:

Check #1. Procedures for the proper reproduction of classified documents are posted on or near the MFD approved for classified reproduction. This is especially true when the MFD is capable of directly making copies of documents on the machine. The procedures must alert users when the particular MFD is approved for classified reproduction.

Check #2. Other MFD (used as copiers) in the organization that are not approved for classified document reproduction must also be marked to alert users of the prohibition against making classified copies.

Check #3. Procedures posted near the MFD must contain steps for users to take after printing, copying, scanning or faxing classified documents. Steps must include double checking of the MFD for missed pages, counting original and copied pages, purging or clearing of images from the MFD (if applicable), use of cover sheets, and general protection/control guidelines for reproduced documents.

NOTE: Most MFD contain both hard drives (non-volatile memory) and volatile memory and cannot be properly sanitized of classified data or images to make the MFD unclassified. Therefore, most (if not all) classified MFD should be housed and operated within space approved for collateral classified open storage. If not maintained in spaces approved for classified open storage, all MFD with non-volatile memory that are used for classified reproduction must be under the continuous observation and control of a cleared person AT ALL TIMES. A violation of this is a Category 1 Severity level finding and is covered under: STIG ID: IS-10.01.01, Vuln ID: V-32008.

TACTICAL ENVIRONMENT: This check is applicable in a fixed operational facility in a tactical environment if classified equipment is used or documents or media are created/extracted from the SIPRNet. The only exception will be for urgent (short term) tactical operations or other contingency situations where fixed facilities and equipment are not yet present or incapable of being used.

Vulnerability Number

V-31995

Documentable

False

Rule Version

IS-10.03.01

Severity Override Guidance

Classified Reproduction - Document Copying using Multi-Functional Device (MFD) machines (i.e., printer, copier, fax, scanner) connected to SIPRNet. This STIG Check concerns ONLY PROCEDURES for the reproduction of classified DOCUMENTS on Multi-Functional Devices (MFD) connected to the DoDIN.

General guidance: Paper copies, electronic files, and other material containing classified information shall be reproduced only when necessary for accomplishing the organization’s mission or for complying with applicable statutes or Directives. Personnel reproducing classified information must be knowledgeable of the procedures for classified reproduction and aware of the risks involved with the specific reproduction equipment being used and the appropriate countermeasures they are required to take. Reproduced material is to be placed under the same accountability and control requirements as applied to the original material.

Classified material is to be reproduced only on approved and, when applicable, properly accredited systems.

Check to ensure:

Check #1. Procedures for the proper reproduction of classified documents are posted on or near the MFD approved for classified reproduction. This is especially true when the MFD is capable of directly making copies of documents on the machine. The procedures must alert users when the particular MFD is approved for classified reproduction.

Check #2. Other MFD (used as copiers) in the organization that are not approved for classified document reproduction must also be marked to alert users of the prohibition against making classified copies.

Check #3. Procedures posted near the MFD must contain steps for users to take after printing, copying, scanning or faxing classified documents. Steps must include double checking of the MFD for missed pages, counting original and copied pages, purging or clearing of images from the MFD (if applicable), use of cover sheets, and general protection/control guidelines for reproduced documents.

NOTE: Most MFD contain both hard drives (non-volatile memory) and volatile memory and cannot be properly sanitized of classified data or images to make the MFD unclassified. Therefore, most (if not all) classified MFD should be housed and operated within space approved for collateral classified open storage. If not maintained in spaces approved for classified open storage, all MFD with non-volatile memory that are used for classified reproduction must be under the continuous observation and control of a cleared person AT ALL TIMES. A violation of this is a Category 1 Severity level finding and is covered under: STIG ID: IS-10.01.01, Vuln ID: V-32008.

TACTICAL ENVIRONMENT: This check is applicable in a fixed operational facility in a tactical environment if classified equipment is used or documents or media are created/extracted from the SIPRNet. The only exception will be for urgent (short term) tactical operations or other contingency situations where fixed facilities and equipment are not yet present or incapable of being used.

Check Content Reference

M

Target Key

2506
