Check: MFD06.006
Multifunction Device and Network Printers Security Technical Implementation Guide:
MFD06.006
(in versions v2 r15 through v2 r9)
Title
The level of audit has not been established or the audit logs being collected for the devices and print spoolers are not being reviewed. (Cat III impact)
Discussion
If inadequate information is captured in the audit, the identification and prosecution of a malicious user will be very difficult. If the audits are not regularly reviewed, suspicious activity may go undetected for a long time. Therefore, the level of auditing for MFDs, printers, and print spoolers must be defined and personnel identified to review the audit logs.
Check Content
Obtain and review the organization's MFD and printer security policy. If the level of auditing has not been established, this is a finding. If personnel have not been identified to regularly review MFD, printer, and print spooler logs, this is a finding.
Fix Text
Define the level of auditing and identify personnel responsible for reviewing audit logs of MFDs, printers, and print spoolers.
Additional Identifiers
Rule ID: SV-7024r2_rule
Vulnerability ID: V-6799
Group Title: MFD Level of Audit and Reviewing
CCIs
Number | Definition |
---|---|
CCI-000130 | Ensure that audit records contain information that establishes what type of event occurred. |
CCI-000131 | Ensure that audit records contain information that establishes when the event occurred. |
CCI-000132 | Ensure that audit records contain information that establishes where the event occurred. |
CCI-000133 | Ensure that audit records contain information that establishes the source of the event. |
CCI-000134 | Ensure that audit records contain information that establishes the outcome of the event. |
CCI-000135 | Generate audit records containing the organization-defined additional information that is to be included in the audit records. |
CCI-000148 | Review and analyze system audit records on an organization-defined frequency for indications of organization-defined inappropriate or unusual activity. |
CCI-001488 | Defines the additional information to be included in the audit records. |