Check: MFD07.004
Multifunction Device and Network Printers Security Technical Implemetation Guide:
MFD07.004
(in versions v2 r15 through v2 r9)
Title
Auditing of user access and fax logs must be enabled when fax from the network is enabled. (Cat III impact)
Discussion
Without auditing the originator and destination of a fax cannot be determined. Prosecuting of an individual who maliciously compromises sensitive data via a fax will be hindered without audits. The SA will ensure auditing of user access and fax logging is enabled if fax from the network is enabled.
Check Content
The reviewer will, with the assistance from the SA, verify auditing of user access and fax logging is enabled if fax from the network is enabled. If auditing of user access and fax logging is not enabled, this is a finding.
Fix Text
Configure the MFD to audit faxing. If this is not possible, disable the fax functionality and disconnect the phone line from the MFD.
Additional Identifiers
Rule ID: SV-7028r2_rule
Vulnerability ID: V-6803
Group Title: MFD fax from network auditing
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-000130 |
Ensure that audit records contain information that establishes what type of event occurred. |
| CCI-000131 |
Ensure that audit records containing information that establishes when the event occurred. |
| CCI-000132 |
Ensure that audit records containing information that establishes where the event occurred. |
| CCI-000133 |
Ensure that audit records containing information that establishes the source of the event. |
| CCI-000134 |
Ensure that audit records containing information that establishes the outcome of the event. |
| CCI-000135 |
Generate audit records containing the organization-defined additional information that is to be included in the audit records. |
| CCI-000172 |
Generate audit records for the event types defined in AU-2 c that include the audit record content defined in AU-3. |