Skip to content
Log In

Multifunction Device and Network Printers STIG

Rules, Groups, and Values defined within the XCCDF Benchmark

  • MFD Protocol TCP/IP

    Group
    Show

  • The MFD or Network Printer must not enable network protocols other than TCP/IP.

    The greater the number of protocols allowed active on the network the more vulnerabilities there will be available to be exploited. This also prevents accidental implementation of a “call-home” fea...
    Rule Medium Severity
    Show

  • A firewall or router rule must block all ingress and egress traffic from the enclave perimeter to the MFD or Network Printer.

    Access to the MFD or printer from outside the enclave network could lead to a denial of service caused by a large number of large print files being sent to the device. Ability for the MFD or printe...
    Rule Medium Severity
    Show

  • There is no restriction on where a MFD or a printer can be remotely managed.

    Since unrestricted access to the MFD or printer for management is not required the restricting the management interface to specific IP addresses decreases the exposure of the system to malicious ac...
    Rule High Severity
    Show

  • Print services for a MFD or printer are not restricted to Port 9100 and/or LPD (Port 515). Where both Windows and non-Windows clients need services from the same device, both Port 9100 and LPD can be enabled simultaneously.

    Printer services running on ports other than the known ports for printing cannot be monitored on the network and could lead to a denial of service it the invalid port is blocked by a network admini...
    Rule Low Severity
    Show

  • Implementation of an MFD and printer security policy for the protection of classified information.

    Department of Defense Manual 5200.01, "Protection of Classified Information" provides policy, assigns responsibilities, and provides procedures for the designation, marking, protection, and dissemi...
    Rule Low Severity
    Show

  • The level of audit has not been established or the audit logs being collected for the devices and print spoolers are not being reviewed.

    If inadequate information is captured in the audit, the identification and prosecution of malicious user will be very difficult. If the audits are not regularly reviewed suspicious activity may go ...
    Rule Low Severity
    Show

  • The MFD must be configured to prohibit the use of all unnecessary and/or nonsecure functions, physical and logical ports, protocols, and/or services.

    In order to prevent unauthorized connection of devices, unauthorized transfer of information, or unauthorized tunneling (i.e., embedding of data types within data types), organizations must disable...
    Rule Medium Severity
    Show

  • MFD/Printer Firewall/Router Rule Perimeter

    Group
    Show

  • MFD Firmware

    Group
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules