I - Mission Critical Classified
Rules and Groups employed by this XCCDF Profile
-
MFD fax from network auditing
<GroupDescription></GroupDescription>Group -
Auditing of user access and fax logs must be enabled when fax from the network is enabled.
<VulnDiscussion>Without auditing the originator and destination of a fax cannot be determined. Prosecuting of an individual who maliciously c...Rule Low Severity -
MFD scan to SMTP (email)
<GroupDescription></GroupDescription>Group -
MFDs must not allow scan to SMTP (email).
<VulnDiscussion>The SMTP engines found on the MFDs reviewed when writing the MFD STIG did not have robust enough security features supporting...Rule Medium Severity -
MFD Hard Drive Lock
<GroupDescription></GroupDescription>Group -
A MFD device does not have a mechanism to lock and prevent access to the hard drive.
<VulnDiscussion>If the hard disk drive of a MFD can be removed from the MFD the data on the drive can be recovered and read. This can lead t...Rule Medium Severity -
MFD/Printer Global Configuration Settings
<GroupDescription></GroupDescription>Group -
The device is not configured to prevent non-printer administrators from altering the global configuration of the device.
<VulnDiscussion>If unauthorized users can alter the global configuration of the MFD they can remove all security. This can lead to the compr...Rule High Severity -
MFD03.002
<GroupDescription></GroupDescription>Group -
The MFD must be configured to prohibit the use of all unnecessary and/or nonsecure functions, physical and logical ports, protocols, and/or services.
<VulnDiscussion>In order to prevent unauthorized connection of devices, unauthorized transfer of information, or unauthorized tunneling (i.e....Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.