STIGQter: STIG Summary: Multifunction Device and Network Printers STIG Version: 2 Release: 14 Benchmark Date: 25 Oct 2019:

MFDs with print, copy, scan, or fax capabilities must be prohibited on classified networks without the approval of the DAA.

DISA Rule

SV-7025r2_rule

Vulnerability Number

V-6800

Group Title

MFD Classified Network

Rule Version

MFD07.001

Severity

CAT I

CCI(s)

CCI-000366 - The organization implements the security configuration settings.

Weight

Fix Recommendation

Remove the MFD from the classified network until DAA approval is obtained.

Check Contents

The reviewer will interview the IAO to verify that MFDs with print, copy, scan, or fax capabilities are prohibited on classified networks unless approved by the DAA.

Vulnerability Number

V-6800

Documentable

False

Rule Version

MFD07.001

Severity Override Guidance

The reviewer will interview the IAO to verify that MFDs with print, copy, scan, or fax capabilities are prohibited on classified networks unless approved by the DAA.

Check Content Reference

Potential Impact

If the device is removed from the classified network it will need to be sanitized in accordance with DoDD 5200.1R if it is to be used for unclassified processing or is to be decommissioned.

MFDs with print, copy, scan, or fax capabilities must be prohibited on classified networks without the approval of the DAA.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Potential Impact

Responsibility

Target Key

Comments