Auditing of user access and fax logs must be enabled when fax from the network is enabled.

From Multifunction Device and Network Printers STIG

Part of MFD fax from network auditing

SV-7028r2_rule Auditing of user access and fax logs must be enabled when fax from the network is enabled.

Vulnerability discussion

Without auditing the originator and destination of a fax cannot be determined. Prosecuting of an individual who maliciously compromises sensitive data via a fax will be hindered without audits.The SA will ensure auditing of user access and fax logging is enabled if fax from the network is enabled.

Check content

The reviewer will, with the assistance from the SA, verify auditing of user access and fax logging is enabled if fax from the network is enabled. If auditing of user access and fax logging is not enabled, this is a finding.

Fix text

Configure the MFD to audit faxing. If this is not possible, disable the fax functionality and disconnect the phone line from the MFD.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer