Check: MFD02.003
Multifunction Device and Network Printers STIG:
MFD02.003
(in versions v2 r14 through v2 r9)
Title
Management protocols, with the exception of HTTPS and SNMPv3, must be disabled at all times except when necessary. (Cat II impact)
Discussion
Unneeded protocols expose the device and the network to unnecessary vulnerabilities.
Check Content
Verify that all management protocols are disabled unless approved by the organization's AO/ISSM. Protocols may be enabled temporarily if needed to upgrade firmware or configure the device, but must be disabled immediately when this activity is completed. HTTPS and SNMPv3 may be used but must be configured in accordance with the requirements of the Network Infrastructure STIG. If management protocols other than HTTPS and SNMPv3 are enabled unnecessarily or without AO/ISSM approval, this is a finding.
Fix Text
Disable all management protocols except HTTPS and SNMPv3 unless approval has been granted by the organization's AO/ISSM.
Additional Identifiers
Rule ID: SV-7005r2_rule
Vulnerability ID: V-6783
Group Title: MFD Management Protocols
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-000381 |
The organization configures the information system to provide only essential capabilities. |
| CCI-000382 |
The organization configures the information system to prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services. |
Controls
| Number | Title |
|---|---|
| CM-7 |
Least Functionality |