Title

The MFD or Network Printer must maintain configuration state (e.g., passwords, service settings) after a power down or restart. (Cat I impact)

Discussion

If the MFD does not maintain it state over a power down or restart, it will expose the network to all of the vulnerabilities that where mitigated by the modifications made to its configuration state. This also prevents accidental implementation of a “call-home” feature that is not allowed.

Check Content

The reviewer will verify the MFD or Network Printer maintains its configuration state after a power down or restart. Review the device documentation and/or confirm through demonstration to verify the MFD maintains configuration settings. If the MFD or Network Printer does not maintain its configuration state, this is a finding.

Fix Text

If the MFD or Network Printer cannot be configured to maintain state, then replace the MFD with a MFD that will maintain its configuration state (passwords, service settings, etc) after a power down or restart.

Additional Identifiers

Rule ID: SV-7004r2_rule

Vulnerability ID: V-6782

Group Title: MFD Configuration State After Power Down or Reboot

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.