| Checked | Name | Title |
|---|
| ☐ | SV-6999r2_rule | The MFD or Network Printer must not enable network protocols other than TCP/IP. |
| ☐ | SV-7001r2_rule | A firewall or router rule must block all ingress and egress traffic from the enclave perimeter to the MFD or Network Printer. |
| ☐ | SV-7002r2_rule | The MFD or Network Printer must employ the most current firmware available. |
| ☐ | SV-7003r2_rule | The default passwords and SNMP community strings of all management services have not been replaced with complex passwords. |
| ☐ | SV-7004r2_rule | The MFD or Network Printer must maintain configuration state (e.g., passwords, service settings) after a power down or restart. |
| ☐ | SV-7005r2_rule | Management protocols, with the exception of HTTPS and SNMPv3, must be disabled at all times except when necessary. |
| ☐ | SV-7009r1_rule | There is no restriction on where a MFD or a printer can be remotely managed. |
| ☐ | SV-7015r1_rule | Print services for a MFD or printer are not restricted to Port 9100 and/or LPD (Port 515).
Where both Windows and non-Windows clients need services from the same device, both Port 9100 and LPD can be enabled simultaneously. |
| ☐ | SV-7019r3_rule | A MFD or printer is not configured to restrict jobs to those from print spoolers. |
| ☐ | SV-7021r1_rule | Print spoolers are not configured to restrict access to authorized users and restrict users to managing their own individual jobs. |
| ☐ | SV-7022r1_rule | The devices and their spoolers do not have auditing enabled. |
| ☐ | SV-7023r3_rule | Implementation of an MFD and printer security policy for the protection of classified information. |
| ☐ | SV-7024r2_rule | The level of audit has not been established or the audit logs being collected for the devices and print spoolers are not being reviewed. |
| ☐ | SV-7025r2_rule | MFDs with print, copy, scan, or fax capabilities must be prohibited on classified networks without the approval of the DAA. |
| ☐ | SV-7026r1_rule | A MFD device, with scan to hard disk functionality used, is not configured to clear the hard disk between jobs. |
| ☐ | SV-7027r1_rule | Scan to a file share is enabled but the file shares do not have the appropriate discretionary access control list in place. |
| ☐ | SV-7028r2_rule | Auditing of user access and fax logs must be enabled when fax from the network is enabled. |
| ☐ | SV-7029r2_rule | MFDs must not allow scan to SMTP (email). |
| ☐ | SV-7030r1_rule | A MFD device does not have a mechanism to lock and prevent access to the hard drive. |
| ☐ | SV-7031r1_rule | The device is not configured to prevent non-printer administrators from altering the global configuration of the device. |
| ☐ | SV-106815r1_rule | The MFD must be configured to prohibit the use of all unnecessary and/or nonsecure functions, physical and logical ports, protocols, and/or services. |
STIGQter: STIG Summary: