Check: MFD06.006
Multifunction Device and Network Printers STIG: MFD06.006 (in versions v2 r14 through v2 r9)
Title
The level of audit has not been established or the audit logs being collected for the devices and print spoolers are not being reviewed. (Cat III impact)
Discussion
If inadequate information is captured in the audit, the identification and prosecution of malicious users will be very difficult. If the audits are not regularly reviewed, suspicious activity may go undetected for a long time. Therefore, the level of auditing for MFDs, printers, and print spoolers must be defined and personnel identified to review the audit logs.
Check Content
Obtain and review the organization's MFD and printer security policy. If the level of auditing has not been established, this is a finding. If personnel have not been identified to regularly review MFD, printer, and print spooler logs, this is a finding.
Fix Text
Define the level of auditing and identify personnel responsible for reviewing audit logs of MFDs, printers, and print spoolers.
Additional Identifiers
Rule ID: SV-7024r2_rule
Vulnerability ID: V-6799
Group Title: MFD Level of Audit and Reviewing
CCIs
Number | Definition |
---|---|
CCI-000130 | The information system generates audit records containing information that establishes what type of event occurred. |
CCI-000131 | The information system generates audit records containing information that establishes when an event occurred. |
CCI-000132 | The information system generates audit records containing information that establishes where the event occurred. |
CCI-000133 | The information system generates audit records containing information that establishes the source of the event. |
CCI-000134 | The information system generates audit records containing information that establishes the outcome of the event. |
CCI-000135 | The information system generates audit records containing the organization-defined additional, more detailed information that is to be included in the audit records. |
CCI-000148 | The organization reviews and analyzes information system audit records on an organization-defined frequency for indications of organization-defined inappropriate or unusual activity. |
CCI-001488 | The organization defines additional, more detailed information to be included in the audit records. |