Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Multifunction Device and Network Printers STIG
MFD/Printer Restrict Jobs Only From Print Spooler
MFD/Printer Restrict Jobs Only From Print Spooler
An XCCDF Group - A logical subset of the XCCDF Benchmark
Details
Profiles
Prose
MFD/Printer Restrict Jobs Only From Print Spooler
1 Rule
<GroupDescription></GroupDescription>
A MFD or printer is not configured to restrict jobs to those from print spoolers.
Medium Severity
<VulnDiscussion>If MFDs or printers are not restricted to accept print jobs only from print spoolers that authenticate the user and log the job, a denial of service can be created by the MFD or printer accepting one or more large print jobs from an unauthorized user. The SA will ensure MFDs and printers are configured to restrict jobs only to print spoolers, not directly from users. Mobile device print jobs must be sent to a print spooler, they must not be sent directly from a mobile device to a MFD or printer that supports direct wireless printing (e.g., AirPrint, Wi-Fi Direct, etc.). The configuration is accomplished by restricting access, by IP, to those of the print spooler and SAs. If supported, IP restriction is accomplished on the device, or if not supported, by placing the device behind a firewall, switch or router with an appropriate discretionary access control list. </VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts>Client systems that are configured to bypass the print server that spools print jobs will lose access to the printer until reconfigured.</PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>