STIGQter: STIG Summary: Multifunction Device and Network Printers STIG Version: 2 Release: 14 Benchmark Date: 25 Oct 2019:

A MFD device, with scan to hard disk functionality used, is not configured to clear the hard disk between jobs.

DISA Rule

SV-7026r1_rule

Vulnerability Number

V-6801

Group Title

MFD Clearing Disk Space Scan to Disk

Rule Version

MFD07.002

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Configured the MFD to clear the hard disk between jobs if scan to hard disk functionality is used.

Check Contents

The reviewer, with the assistance of the SA, verify the device is configured to clear the hard disk between jobs if scan to hard disk functionality is used.

Note: This policy is a security-in-depth measure and applies to normal use. Thus, the clearing algorithm does not have to comply with DoD sanitization procedures. Proper sanitization using a DoD compliant procedure will be required only for final destruction/disposition.

Note: This does not apply if PKI authenticated access and discretionary access controls (authorization controls) are used to protect the stored data.

Vulnerability Number

V-6801

Documentable

False

Rule Version

MFD07.002

Severity Override Guidance

The reviewer, with the assistance of the SA, verify the device is configured to clear the hard disk between jobs if scan to hard disk functionality is used.

Note: This policy is a security-in-depth measure and applies to normal use. Thus, the clearing algorithm does not have to comply with DoD sanitization procedures. Proper sanitization using a DoD compliant procedure will be required only for final destruction/disposition.

Note: This does not apply if PKI authenticated access and discretionary access controls (authorization controls) are used to protect the stored data.

Check Content Reference

M

Responsibility

System Administrator

Target Key

551

Comments