Title

A MFD device, with scan to hard disk functionality used, is not configured to clear the hard disk between jobs. (Cat II impact)

Discussion

If the MFD is compromised the un-cleared, previously used, space on the hard disk drive can be read which can lead to a compromise of sensitive data. The SA will ensure the device is configured to clear the hard disk between jobs if scan to hard disk functionality is used.

Check Content

The reviewer, with the assistance of the SA, verify the device is configured to clear the hard disk between jobs if scan to hard disk functionality is used. Note: This policy is a security-in-depth measure and applies to normal use. Thus, the clearing algorithm does not have to comply with DoD sanitization procedures. Proper sanitization using a DoD compliant procedure will be required only for final destruction/disposition. Note: This does not apply if PKI authenticated access and discretionary access controls (authorization controls) are used to protect the stored data.

Fix Text

Configured the MFD to clear the hard disk between jobs if scan to hard disk functionality is used.

Additional Identifiers

Rule ID: SV-7026r1_rule

Vulnerability ID: V-6801

Group Title: MFD Clearing Disk Space Scan to Disk

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.