Multifunction Device and Network Printers (MFD) STIG includes the computing requirements for Multifunction Device and Network Printers operating to support the DoD. The Multifunction Device and Network Printers STIG must also be applied for each site using Multifunction Devices and Network Printers. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil.
ReleasedGroup Title | MFD Authorized Users Restrictions |
---|---|
Severity | |
Discussion | If unauthorized users are allowed access to the print spooler they can queue large print file creating a denial of service for other users. If users are not restricted to manipulating only files they created, they could create ad denial of service by changing the print order of existing files or deleting other users files. The SA will ensure print spoolers are configured to restrict access to authorized user and restrict users to managing their own individual jobs. |
Check Content | |
Fix Text |
Group Title | MFD/Printer Global Configuration Settings |
---|---|
Severity | |
Discussion | If unauthorized users can alter the global configuration of the MFD they can remove all security. This can lead to the compromise of sensitive data or the compromise of the network the MFD is attached to. |
Check Content | |
Fix Text |
Group Title | MFD Configuration State After Power Down or Reboot |
---|---|
Severity | |
Discussion | If the MFD does not maintain it state over a power down or restart, it will expose the network to all of the vulnerabilities that where mitigated by the modifications made to its configuration state. This also prevents accidental implementation of a “call-home” feature that is not allowed. |
Check Content | |
Fix Text |
Group Title | MFD Protocol TCP/IP |
---|---|
Severity | |
Discussion | The greater the number of protocols allowed active on the network the more vulnerabilities there will be available to be exploited. This also prevents accidental implementation of a “call-home” feature that is not allowed. |
Check Content | |
Fix Text |
Group Title | MFD Firmware |
---|---|
Severity | |
Discussion | MFD devices or printers utilizing old firmware can expose the network to known vulnerabilities leading to a denial of service or a compromise of sensitive data. While the MFD must use the most current firmware available, it must not use a “call-home” feature that is not allowed. |
Check Content | |
Fix Text |
Group Title | MFD Scan Discretionary Access Control |
---|---|
Severity | |
Discussion | Without appropriate discretionary access controls unauthorized individuals may read the scanned data. This can lead to a compromise of sensitive data. The SA will ensure file shares have the appropriate discretionary access control list in place if scan to a file share is enabled. |
Check Content | |
Fix Text |
Group Title | MFD fax from network auditing |
---|---|
Severity | |
Discussion | Without auditing the originator and destination of a fax cannot be determined. Prosecuting of an individual who maliciously compromises sensitive data via a fax will be hindered without audits. The SA will ensure auditing of user access and fax logging is enabled if fax from the network is enabled. |
Check Content | |
Fix Text |
Group Title | Print Services Restricted to Port 9100 and/or LPD |
---|---|
Severity | |
Discussion | Printer services running on ports other than the known ports for printing cannot be monitored on the network and could lead to a denial of service it the invalid port is blocked by a network administrator responding to an alert from the IDS for traffic on an unauthorized port. |
Check Content | |
Fix Text |
Group Title | MFD Clearing Disk Space Scan to Disk |
---|---|
Severity | |
Discussion | If the MFD is compromised the un-cleared, previously used, space on the hard disk drive can be read which can lead to a compromise of sensitive data. The SA will ensure the device is configured to clear the hard disk between jobs if scan to hard disk functionality is used. |
Check Content | |
Fix Text |
Group Title | MFD/Printer Security Policy |
---|---|
Severity | |
Discussion | Department of Defense Manual 5200.01, "Protection of Classified Information" provides policy, assigns responsibilities, and provides procedures for the designation, marking, protection, and dissemination of controlled unclassified information (CUI) and classified information. DoDM 5200.01, Volume 3, Section 14 mandates that organizations identify equipment used for classified processing and develop security procedures to safeguard these devices. This requires that each organization have an MFD and printer security policy that lists the following safeguards: a. Prevent unauthorized access to that information, including by repair or maintenance personnel. b. Ensure that repair procedures do not result in unauthorized dissemination of or access to classified information. c. Replace and destroy equipment parts in the appropriate manner when classified information cannot be removed. d. Ensure that appropriately knowledgeable, cleared personnel inspect equipment and associated media used to process classified information before the equipment is removed from protected areas to ensure there is no retained classified information. e. Ensure MFD and printers used to process classified information are certified and accredited in accordance with DoDD 8500.01E. f. Ensure that MFD and printers address issues concerning compromising emanations in accordance with DoDD 8500.01E. |
Check Content | |
Fix Text |
Group Title | MFD Hard Drive Lock |
---|---|
Severity | |
Discussion | If the hard disk drive of a MFD can be removed from the MFD the data on the drive can be recovered and read. This can lead to a compromise of sensitive data. The IAO will ensure the device has a mechanism to lock and prevent access to the hard disk. |
Check Content | |
Fix Text |
Group Title | MFD or a printer can be managed from any IP |
---|---|
Severity | |
Discussion | Since unrestricted access to the MFD or printer for management is not required the restricting the management interface to specific IP addresses decreases the exposure of the system to malicious actions. If the MFD or printer is compromised it could lead to a denial of service or a compromise of sensitive data. The SA will ensure devices can only be remotely managed by SA’s or printer administrators from specific IPs (SA workstations and print spooler). |
Check Content | |
Fix Text |
Group Title | MFD Management Protocols |
---|---|
Severity | |
Discussion | Unneeded protocols expose the device and the network to unnecessary vulnerabilities. |
Check Content | |
Fix Text |
Group Title | MFD/Printer Restrict Jobs Only From Print Spooler |
---|---|
Severity | |
Discussion | If MFDs or printers are not restricted to accept print jobs only from print spoolers that authenticate the user and log the job, a denial of service can be created by the MFD or printer accepting one or more large print jobs from an unauthorized user. The SA will ensure MFDs and printers are configured to restrict jobs only to print spoolers, not directly from users. Mobile device print jobs must be sent to a print spooler, they must not be sent directly from a mobile device to a MFD or printer that supports direct wireless printing (e.g., AirPrint, Wi-Fi Direct, etc.). The configuration is accomplished by restricting access, by IP, to those of the print spooler and SAs. If supported, IP restriction is accomplished on the device, or if not supported, by placing the device behind a firewall, switch or router with an appropriate discretionary access control list. |
Check Content | |
Fix Text |
Group Title | MFD/Printer Firewall/Router Rule Perimeter |
---|---|
Severity | |
Discussion | Access to the MFD or printer from outside the enclave network could lead to a denial of service caused by a large number of large print files being sent to the device. Ability for the MFD or printer to access addresses outside the enclave network could lead to a compromise of sensitive data caused by forwarding a print file to a location outside of the enclave network. This also prevents accidental implementation of a “call-home” feature that is not allowed. |
Check Content | |
Fix Text |
Group Title | MFD scan to SMTP (email) |
---|---|
Severity | |
Discussion | The SMTP engines found on the MFDs reviewed when writing the MFD STIG did not have robust enough security features supporting scan to email. Because of the lack of robust security, scan to email will be disabled on MFD devices. Failure to disable this feature could lead to an untraceable and possibly undetectable compromise of sensitive data. The SA will ensure MFDs do not allow scan to SMTP. |
Check Content | |
Fix Text |
Group Title | MFD and Spooler Auditing |
---|---|
Severity | |
Discussion | Without auditing the identification and prosecution of an individual that performs malicious actions is difficult if not impossible. |
Check Content | |
Fix Text |
Group Title | MFD Classified Network |
---|---|
Severity | |
Discussion | MFDs with print, copy, scan, or fax capabilities, if compromised, could lead to the compromise of classified data or the compromise of the network. The IAO will ensure MFDs with copy, scan, or fax capabilities are not allowed on classified networks unless approved by the DAA. |
Check Content | |
Fix Text |
Group Title | MFD SNMP Community Strings |
---|---|
Severity | |
Discussion | There are many known vulnerabilities in the SNMP protocol and if the default community strings and passwords are not modified an unauthorized individual could gain control of the MFD or printer. This could lead to a denial of service or the compromise of sensitive data. The SA will ensure the default passwords and SNMP community strings of all management services are replaced with complex passwords. |
Check Content | |
Fix Text |
Group Title | MFD Level of Audit and Reviewing |
---|---|
Severity | |
Discussion | If inadequate information is captured in the audit, the identification and prosecution of malicious user will be very difficult. If the audits are not regularly reviewed suspicious activity may go undetected for a long time. Therefore, the level of auditing for MFDs, printers, and print spoolers must be defined and personnel identified to review the audit logs. |
Check Content | |
Fix Text |