The level of audit has not been established or the audit logs being collected for the devices and print spoolers are not being reviewed.
An XCCDF Rule
Description
If inadequate information is captured in the audit, the identification and prosecution of malicious user will be very difficult. If the audits are not regularly reviewed suspicious activity may go undetected for a long time. Therefore, the level of auditing for MFDs, printers, and print spoolers must be defined and personnel identified to review the audit logs.
| Property | Value |
|---|---|
| Responsibility | Information Assurance Officer |
| IA Controls | ECAR-1, ECAR-2, ECAR-3, ECAT-1, ECAT-2 |
- ID
- SV-7024r2_rule
- Version
- MFD06.006
- Severity
- Low
- Updated
Remediation Templates
A Manual Procedure
Define the level of auditing and identify personnel responsible for reviewing audit logs of MFDs, printers, and print spoolers.