MultiFunction Device and Network Printers STIG Version 2, Release 14 Checklist Details (Checklist Revisions)
Download Standalone XCCDF 1.1.4 - Multifunction Device and Network Printers STIG - Ver 2, Rel 14
- Defense Information Systems Agency
|HP Color Laserjet 4730 MFP||cpe:/h:hp:color_laserjet_4730_mfp (View CVEs)|
This Sharing Peripherals Across the Network (SPAN) Security Technical Implementation Guide (STIG) provides the technical security policies, requirements, and implementation details for applying security concepts to Commercial-Off-The-Shelf (COTS) hardware peripheral devices. For this STIG, peripheral will mean, "any device that allows communication between a system and itself, but is not directly operated by the system". However, this document does not deal with devices found wholly contained within the main cabinet of the computer or, with the exception of A/B switches, those devices connected via legacy parallel and serial interfaces. The purpose of this section is to discuss and provide guidance for the secure implementation of network attached multi function devices (MFD)s and printers. MFDs are gaining popularity in the enterprise because they allow users to print, copy, fax and scan from a single device. The advantages of this are realized in the cost savings, space savings and maintenance compared to the individual devices they replace. Many MFDs offer the user the ability to fax directly from the desktop. Like network-attached printers, MFDs are subject to the same network and physical security concerns. Because these devices include an embedded operating system with network connectivity, considerable attention is being paid to their secure implementation. As with printers, MFDs may have file transfer protocol (FTP), telnet, Hyper Text Transport Protocol Secure (HTTPS), SMTP and SNMP services running. MFDs may also have a connection to a phone line for fax functionality. If an attacker gains network access to one of these devices, a wide range of exploits may be possible. If an attacker gains physical access to a device, the programming of the device can be compromised and the potentially sensitive data stored on the hard disk can be recovered.
- Multi-Functional Peripherals
This document is a requirement for all DoD-administered systems and all systems connected to DoD networks. These requirements are designed to assist SMs, Information Assurance Managers (IAMs), IAOs, and SAs with configuring and maintaining security controls. This guidance supports DoD system design, development, implementation, certification, and accreditation efforts.
- Specialized Security-Limited Functionality (SSLF)
DoDD 8500.1 and DoDI 8500.2
Changed status from "under review" to "final" - 09 September 2015 Version 2, Release 6 - 31 July, 2015 Changed status from "Under Review" to "Final" - 03 June 2015 Version 2, Release 3 - 25 October 2013 Version 2, Release 1 - 29 April 2011 Version 2, Release 4 - 30 October 2014 Updated status to "Final" - 07 January 2015 Updated "Point of Contact" - 15 January 2015 Version 2, Release 6 - 31 July, 2015 Changed status from "under review" to "final" - 09 September 2015 Version 2, Release 7 - 29 October 2015 Changed status from "Under Review" to "Final" - 29 December 2015 Version 2, Release 8 - 2 February 2016 3/10/2016 - Promote to Final Updated to v2, r9 - 01/27/2017 Updated to FINAL - 03/08/2017 null Updated URL to reflect change to the DISA website - http --> https updated to v1,r11 - 02/16/2018 Updated to FINAL - 3/18/2018 Updated to v2,r12 - 1/16/19 updated to Version 2, Release 13- 1/23/19 Updated to FINAL - 2/19/19 Updated URLs - 6/12/19 updated URLs - 11/1/19