Check: MFD01.001
Multifunction Device and Network Printers Security Technical Implementation Guide:
MFD01.001
(in versions v2 r15 through v2 r13)
Title
The MFD or Network Printer must not enable network protocols other than TCP/IP. (Cat II impact)
Discussion
The more protocols that are allowed to be active on the network, the more vulnerabilities are available to be exploited. This also prevents accidental implementation of a “call-home” feature that is not allowed.
Check Content
The reviewer will verify the configuration settings in the MFD or Network Printer to ensure the only protocol enabled is TCP/IP. If a protocol other than TCP/IP is enabled, this is a finding.
Fix Text
Configure the MFD or Network Printer to disable all protocols except TCP/IP.
Additional Identifiers
Rule ID: SV-6999r2_rule
Vulnerability ID: V-6777
Group Title: MFD Protocol TCP/IP
CCIs
Number | Definition |
---|---|
CCI-000381 | Configure the system to provide only organization-defined mission essential capabilities. |
CCI-000382 | Configure the system to prohibit or restrict the use of organization-defined prohibited or restricted functions, system ports, protocols, software, and/or services. |
Controls
Number | Title |
---|---|
CM-7 | Least Functionality |