Check: MFD01.003
Multifunction Device and Network Printers STIG: MFD01.003
(in versions v2 r14 through v2 r13)
Title
A firewall or router rule must block all ingress and egress traffic from the enclave perimeter to the MFD or Network Printer. (Cat II impact)
Discussion
Access to the MFD or printer from outside the enclave network could lead to a denial of service caused by a large number of large print files being sent to the device. Ability for the MFD or printer to access addresses outside the enclave network could lead to a compromise of sensitive data caused by forwarding a print file to a location outside of the enclave network. This also prevents accidental implementation of a “call-home” feature that is not allowed.
Check Content
The reviewer will verify that a firewall or router rule blocks all ingress and egress traffic from the enclave perimeter to the MFD or Network Printer. If a firewall or router does not block all ingress and egress traffic from the enclave perimeter to the MFD or Network Printer, this is a finding.
Fix Text
Configure a firewall or router rule to block all ingress and egress traffic from the enclave perimeter to the MFD or Network Printer.
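One way a reviewer could script this check against an exported rule list, shown as an added example that is not part of the STIG. The rule tuple format, the first-match evaluation model, the lack of an implicit deny, and all addresses are assumptions constructed for illustration. The audit is conservative: only a blanket deny counts as blocking, and any earlier permit that reaches outside the enclave (such as a leftover call-home rule) is reported as a finding.

```python
from ipaddress import ip_address, ip_network

ANY = ip_network("0.0.0.0/0")
ENCLAVE = "10.20.0.0/16"      # constructed enclave range
PRINTER = "10.20.30.40"       # constructed MFD address

def rule(action, src, dst, proto="any"):
    """Hypothetical normalized rule: (action, source net, destination net, protocol)."""
    return (action, ip_network(src), ip_network(dst), proto)

def _blocked(rules, enclave, device, direction):
    # near = tuple index of the end holding the device, far = the other end
    near, far = (2, 1) if direction == "ingress" else (1, 2)
    for r in rules:                                  # first matching rule wins
        if device not in r[near]:
            continue                                 # rule does not cover the device
        if r[0] == "deny" and r[far] == ANY and r[3] == "any":
            return True                              # blanket deny reached first
        if r[0] == "permit" and not r[far].subnet_of(enclave):
            return False                             # outside address permitted first
    return False                                     # assumed: no implicit deny

def audit(rules, enclave, device):
    """Return {'ingress': bool, 'egress': bool}; False in either slot is a finding."""
    enclave, device = ip_network(enclave), ip_address(device)
    return {d: _blocked(rules, enclave, device, d) for d in ("ingress", "egress")}

# Constructed rule set that satisfies the check: internal printing is allowed,
# everything else to or from the device is dropped.
COMPLIANT = [
    rule("permit", ENCLAVE, PRINTER + "/32"),
    rule("permit", PRINTER + "/32", ENCLAVE),
    rule("deny", "0.0.0.0/0", PRINTER + "/32"),
    rule("deny", PRINTER + "/32", "0.0.0.0/0"),
]

# Constructed rule set where an earlier call-home permit shadows the egress deny.
SHADOWED = [
    rule("permit", PRINTER + "/32", "203.0.113.0/24", "tcp"),
    rule("deny", "0.0.0.0/0", PRINTER + "/32"),
    rule("deny", PRINTER + "/32", "0.0.0.0/0"),
]

if __name__ == "__main__":
    for name, rs in (("COMPLIANT", COMPLIANT), ("SHADOWED", SHADOWED)):
        print(name, audit(rs, ENCLAVE, PRINTER))
```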
Additional Identifiers
Rule ID: SV-7001r2_rule
Vulnerability ID: V-6779
Group Title: MFD/Printer Firewall/Router Rule Perimeter
CCIs
Number | Definition |
---|---|
CCI-001097 | The information system monitors and controls communications at the external boundary of the information system and at key internal boundaries within the system. |
CCI-001414 | The information system enforces approved authorizations for controlling the flow of information between interconnected systems based on organization-defined information flow control policies. |