Classified Reproduction - SIPRNet Connected Classified Multi-Functional Devices (MFD) located in Space Not Approved for Collateral Classified Open Storage.

An XCCDF Rule

Description

<VulnDiscussion>Classified Multi-Functional Devices (MFD) include printers, copiers, scanners and facsimile capabilities and contain hard drives that maintain classified data or images. Failure to locate these devices in spaces approved for classified open storage could enable uncleared persons to access classified information, either from unsanitized hard drives or from printed/copied material that is left unattended on the machine for any period of time. REFERENCES: CJCSI 6510.01F, INFORMATION ASSURANCE (IA) AND SUPPORT TO COMPUTER NETWORK DEFENSE (CND), Enclosure C, paragraph 34. NIST Special Publication 800-53 (SP 800-53), Rev 4, Controls: MP-1, MP-4, PE-1, PE-5. DoDI 8500.01, SUBJECT: Cybersecurity, March 14, 2014 , Enclosure 3, paragraph 7. DoD Manual 5200.01, Volume 3, SUBJECT: DoD Information Security Program: Protection of Classified Information: Enclosure 2 paragraph 14.&15., Enclosure 3 and Enclosure 7, paragraph 6. DoD 5220.22-M (NISPOM), Incorporating Change 2, 18 May 2016, paragraphs 8-202.e. & 8-302.b. NIST Special Publication 800-88, Revision 1, Guidelines for Media Sanitization, December 2014 NSA/CSS Policy Manual 9-12, 15 December 2014, Subject: NSA/CSS Storage Device Sanitization Manual</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-245833r822893_rule
Severity: High
Updated: 9 months ago

This Potential Vulnerability covers multi-functional devices (MFD) (connected to the SIPRNet) that are used for printing, copying or other reproduction of classified DOCUMENTS.  
 
1.  Unless the MFD can be properly purged of all classified data or images after each use for classified - it must be housed in an area approved for open storage of classified material.  Most current copiers, printers, scanners and facsimile machines or multi-functional devices (MFD) contain hard drives that collect and store images and data.  

Therefore these machines must be maintained in space approved for open storage of classified (secret or higher for SIPRNet).    
NOTE:  Clearing of hard drives (such as by overwriting) is not adequate to sanitize a classified hard drive (magnetic or solid state) so that it can be deemed unclassified and left unattended in an area not approved for classified open storage.  This is regardless of the number of times the drive is over-written.  A hard drive (magnetic or solid state) can only be sanitized (made unclassified) by degaussing and/or physical destruction, thereby rending the drive no longer usable.  
 
2. If not maintained within a secret or higher collateral classified open storage area and hard drives (non-volatile memory) ARE NOT present:
  
MFD (or individual copiers, scanners, printers or facsimile machines) must be properly purged (AKA: sanitized) of classified data or images after each period of reproducing classified and be maintained in space where access is controlled to at least the level of the classified material authorized to be copied on the machine.  This type of area is referred to as a Controlled Access Area (CAA) - at least a secret CAA or TS CAA for SIPRNet connections.  
Sanitizing a MFD means it can be considered and treated as an unclassified device.
  
NOTE:  Hard drives with non-volatile memory cannot be sanitized by current overwriting/clearing procedures and must be destroyed to be considered sanitized/unclassified.  Hence MFD with non-volatile memory cannot be sanitized for reuse.
  
Only those MFD with entirely volatile memory can be sanitized and reused with removal of power from the device.  It is important to note that powering down the machine will be a necessary part of this procedure to ensure that volatile memory is totally erased and sanitized so that it can be considered to be an unclassified device.  Documented procedures must be on-hand for this process.

3.  If not maintained within a secret or higher collateral classified open storage area and hard drives (non-volatile memory) ARE present:
 
MFD (or individual copiers, scanners, printers or facsimile machines) with hard drives (non-volatile memory) must be located and operated in a secret or higher CAA and the hard drive must be promptly removed after each use (or otherwise when unattended by cleared employees) and stored in a GSA approved safe. 
 
It is important to note that powering down the machine will still be a necessary part of this procedure to ensure that volatile memory is totally erased and sanitized so that it can be considered to be an unclassified device. There must be documented procedures on-hand for this process. 

NOTE:  Despite the mitigations in 2 and 3 above, there is still a concern that the procedure will not be accomplished promptly or successfully each time and that the risk for printed or copied classified documents to be left unattended for periods of time in the MFD machines still exists.  Therefore vulnerability still exists and must be considered as a potential finding.

Classified Reproduction - SIPRNet Connected Classified Multi-Functional Devices (MFD) located in Space Not Approved for Collateral Classified Open Storage.

Description

Remediation - Manual Procedure