STIGQter: STIG Summary: Multifunction Device and Network Printers STIG Version: 2 Release: 14 Benchmark Date: 25 Oct 2019:

MFDs must not allow scan to SMTP (email).

DISA Rule

SV-7029r2_rule

Vulnerability Number

V-6804

Group Title

MFD scan to SMTP (email)

Rule Version

MFD07.005

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Disable the scan to SMTP (email) feature on all MFDs.

Check Contents

The reviewer will, with the assistance from the SA, verify devices do not allow scan to SMTP. If scan to SMTP is enabled on the MFD, this is a finding.

Note: With AO approval, strict usage policies, and user training, MFD scan to SMTP (email) is allowed if CAC/PKI authentication is implemented on the MFD. There must be a method implemented for non-repudiation and authenticated access. A USB/flash drive/thumb drive or any removable storage capability will not be installed.

Vulnerability Number

V-6804

Documentable

False

Rule Version

MFD07.005

Severity Override Guidance

The reviewer will, with the assistance from the SA, verify devices do not allow scan to SMTP. If scan to SMTP is enabled on the MFD, this is a finding.

Note: With AO approval, strict usage policies, and user training, MFD scan to SMTP (email) is allowed if CAC/PKI authentication is implemented on the MFD. There must be a method implemented for non-repudiation and authenticated access. A USB/flash drive/thumb drive or any removable storage capability will not be installed.

Check Content Reference

M

Responsibility

System Administrator

Target Key

551

Comments