STIGQter: STIG Summary: Multifunction Device and Network Printers STIG Version: 2 Release: 14 Benchmark Date: 25 Oct 2019:

A MFD or printer is not configured to restrict jobs to those from print spoolers.

DISA Rule

SV-7019r3_rule

Vulnerability Number

V-6794

Group Title

MFD/Printer Restrict Jobs Only From Print Spooler

Rule Version

MFD04.001

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Reconfigure the device to restrict access, by IP, to those of the print spoolers and SAs. If the device does not support this functionality, place the device behind a firewall, switch or router with an appropriate discretionary access control list. Disable direct wireless printing on the MFD or printer.

Check Contents

The reviewer will, with the assistance of the SA, verify that MFDs and printers are configured to restrict jobs only to print spoolers, not directly from users.

If print jobs are sent directly to the MFD or printer, this is a finding.

If direct wireless printing (e.g., AirPrint, Wi-Fi Direct, etc.), is enabled on the MFD or printer, this is a finding.

Vulnerability Number

V-6794

Documentable

False

Rule Version

MFD04.001

Severity Override Guidance

The reviewer will, with the assistance of the SA, verify that MFDs and printers are configured to restrict jobs only to print spoolers, not directly from users.

If print jobs are sent directly to the MFD or printer, this is a finding.

If direct wireless printing (e.g., AirPrint, Wi-Fi Direct, etc.), is enabled on the MFD or printer, this is a finding.

Check Content Reference

M

Potential Impact

Client systems that are configured to bypass the print server that spools print jobs will lose access to the printer until reconfigured.

Target Key

551

Comments