From Multifunction Device and Network Printers STIG
Part of MFD/Printer Security Policy
Associated with IA controls: PECS-1, PECS-2, ECAN-1, DCBP-1, PEDD-1, IAIA-1, ECIC-1
Department of Defense Manual 5200.01, "Protection of Classified Information" provides policy, assigns responsibilities, and provides procedures for the designation, marking, protection, and dissemination of controlled unclassified information (CUI) and classified information. DoDM 5200.01, Volume 3, Section 14 mandates that organizations identify equipment used for classified processing and develop security procedures to safeguard these devices.
Obtain and review the organization's MFD and printer security policy. If none is provided, this is a finding. If it does not prescribe the appropriate safeguards listed below, this is a finding. Safeguards to be listed in the organization's MFD and printer security policy; a. Prevent unauthorized access to that information, including by repair or maintenance personnel. b. Ensure that repair procedures do not result in unauthorized dissemination of or access to classified information. c. Replace and destroy equipment parts in the appropriate manner when classified information cannot be removed. d. Ensure that appropriately knowledgeable, cleared personnel inspect equipment and associated media used to process classified information before the equipment is removed from protected areas to ensure there is no retained classified information. e. Ensure MFD and printers used to process classified information are certified and accredited in accordance with DoDD 8500.01E. f. Ensure that MFD and printers address issues concerning compromising emanations in accordance with DoDD 8500.01E.
Develop and implement an MFD and printer security policy consistent with DoDM 5200.01, Volume 3, Section 14.
Lavender hyperlinks in small type off to the right (of CSS
class id
, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle
or
Accept: application/rdf+xml
.
Powered by sagemincer