An error occurred:

Check: MFD08.002

Multifunction Device and Network Printers Security Technical Implemetation Guide: MFD08.002 (in versions v2 r15 through v2 r9)

Title

The device is not configured to prevent non-printer administrators from altering the global configuration of the device. (Cat I impact)

Discussion

If unauthorized users can alter the global configuration of the MFD they can remove all security. This can lead to the compromise of sensitive data or the compromise of the network the MFD is attached to.

Check Content

The reviewer will, with the assistance of the SA, verify that the device is configured to prevent non-printer administrators from altering the global configuration of the device.

Fix Text

Configured the device to prevent non-printer administrators from altering the global configuration of the device. If the device cannot be configured in this manner, replace the device with one that can be configured in an acceptable manner.

Additional Identifiers

Rule ID: SV-7031r1_rule

Vulnerability ID: V-6806

Group Title: MFD/Printer Global Configuration Settings

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-002235

Prevent non-privileged users from executing privileged functions.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
AC-6(10)

Prohibit Non-privileged Users from Executing Privileged Functions