MFDs with print, copy, scan, or fax capabilities must be prohibited on classified networks without the approval of the DAA.
An XCCDF Rule
Description
MFDs with print, copy, scan, or fax capabilities, if compromised, could lead to the compromise of classified data or the compromise of the network. The IAO will ensure MFDs with copy, scan, or fax capabilities are not allowed on classified networks unless approved by the DAA.
| Property | Value |
|---|---|
| Responsibility | Information Assurance Officer |
| IA Controls | DCBP-1 |
| Potential Impact | If the device is removed from the classified network it will need to be sanitized in accordance with DoDD 5200.1R if it is to be used for unclassified processing or is to be decommissioned. |
- ID
- SV-7025r2_rule
- Version
- MFD07.001
- Severity
- High
- Updated
Remediation Templates
A Manual Procedure
Remove the MFD from the classified network until DAA approval is obtained.