STIGQter: STIG Summary: Multifunction Device and Network Printers STIG Version: 2 Release: 14 Benchmark Date: 25 Oct 2019: STIGQter: STIG Summary: Multifunction Device and Network Printers STIG Version: 2 Release: 14 Benchmark Date: 25 Oct 2019:SV-7023r3_rule
V-6798
MFD/Printer Security Policy
MFD06.002
CAT III
10
Develop and implement an MFD and printer security policy consistent with DoDM 5200.01, Volume 3, Section 14.
Obtain and review the organization's MFD and printer security policy. If none is provided, this is a finding. If it does not prescribe the appropriate safeguards listed below, this is a finding.
Safeguards to be listed in the organization's MFD and printer security policy;
a. Prevent unauthorized access to that information, including by repair or maintenance personnel.
b. Ensure that repair procedures do not result in unauthorized dissemination of or access to classified information.
c. Replace and destroy equipment parts in the appropriate manner when classified information cannot be removed.
d. Ensure that appropriately knowledgeable, cleared personnel inspect equipment and associated media used to process classified information before the equipment is removed from protected areas to ensure there is no retained classified information.
e. Ensure MFD and printers used to process classified information are certified and accredited in accordance with DoDD 8500.01E.
f. Ensure that MFD and printers address issues concerning compromising emanations in accordance with DoDD 8500.01E.
V-6798
False
MFD06.002
Obtain and review the organization's MFD and printer security policy. If none is provided, this is a finding. If it does not prescribe the appropriate safeguards listed below, this is a finding.
Safeguards to be listed in the organization's MFD and printer security policy;
a. Prevent unauthorized access to that information, including by repair or maintenance personnel.
b. Ensure that repair procedures do not result in unauthorized dissemination of or access to classified information.
c. Replace and destroy equipment parts in the appropriate manner when classified information cannot be removed.
d. Ensure that appropriately knowledgeable, cleared personnel inspect equipment and associated media used to process classified information before the equipment is removed from protected areas to ensure there is no retained classified information.
e. Ensure MFD and printers used to process classified information are certified and accredited in accordance with DoDD 8500.01E.
f. Ensure that MFD and printers address issues concerning compromising emanations in accordance with DoDD 8500.01E.
I
551