← Back to Multifunction Device and Network Printers Security Technical Implemetation Guide

V-6801

CAT II (Medium)

A MFD device, with scan to hard disk functionality used, is not configured to clear the hard disk between jobs.

Rule ID

SV-7026r1_rule

STIG

Multifunction Device and Network Printers Security Technical Implemetation Guide

Version

V2R15

CCIs

None

Discussion

If the MFD is compromised the un-cleared, previously used, space on the hard disk drive can be read which can lead to a compromise of sensitive data.<br />The SA will ensure the device is configured to clear the hard disk between jobs if scan to hard disk functionality is used.

Check Content

The reviewer, with the assistance of the SA, verify the device is configured to clear the hard disk between jobs if scan to hard disk functionality is used.<br /><br />Note:  This policy is a security-in-depth measure and applies to normal use. Thus, the clearing algorithm does not have to comply with DoD sanitization procedures. Proper sanitization using a DoD compliant procedure will be required only for final destruction/disposition. <br /><br />Note: This does not apply if PKI authenticated access and discretionary access controls (authorization controls) are used to protect the stored data. <br />

Fix Text

Configured the MFD to clear the hard disk between jobs if scan to hard disk functionality is used.