STIGhubSTIGhub
STIGsSearchCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 6 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to STIGs

Multifunction Device and Network Printers Security Technical Implemetation Guide

Archived

Version

V2R15

Release Date

Jan 30, 2025

SCAP Benchmark ID

S-6c904fd4d7db14c9fe43389af266ab915ae0437c

Total Checks

22

Tags

network
CAT I: 6CAT II: 11CAT III: 5

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Export CKLExport CSVExport JSON

Checks (22)

V-6777MEDIUMThe MFD or Network Printer must not enable network protocols other than TCP/IP.V-6779MEDIUMA firewall or router rule must block all ingress and egress traffic from the enclave perimeter to the MFD or Network Printer.V-6780MEDIUMThe MFD or Network Printer must employ the most current firmware available.V-6781HIGHThe default passwords and SNMP community strings of all management services have not been replaced with complex passwords.V-6782HIGHThe MFD or Network Printer must maintain configuration state (e.g., passwords, service settings) after a power down or restart.V-6783MEDIUMManagement protocols, with the exception of HTTPS and SNMPv3, must be disabled at all times except when necessary.V-6784HIGHThere is no restriction on where a MFD or a printer can be remotely managed.V-6790LOWPrint services for a MFD or printer are not restricted to Port 9100 and/or LPD (Port 515). Where both Windows and non-Windows clients need services from the same device, both Port 9100 and LPD can be enabled simultaneously. V-6794MEDIUMA MFD or printer is not configured to restrict jobs to those from print spoolers. V-6796MEDIUMPrint spoolers are not configured to restrict access to authorized users and restrict users to managing their own individual jobs. V-6797MEDIUMThe devices and their spoolers do not have auditing enabled. V-6798LOWImplementation of an MFD and printer security policy for the protection of classified information. V-6799LOWThe level of audit has not been established or the audit logs being collected for the devices and print spoolers are not being reviewed.V-6800HIGHMFDs with print, copy, scan, or fax capabilities must be prohibited on classified networks without the approval of the DAA.V-6801MEDIUMA MFD device, with scan to hard disk functionality used, is not configured to clear the hard disk between jobs.V-6802LOWScan to a file share is enabled but the file shares do not have the appropriate discretionary access control list in place.V-6803LOWAuditing of user access and fax logs must be enabled when fax from the network is enabled.V-6804MEDIUMMFDs must not allow scan to SMTP (email).V-6805MEDIUMA MFD device does not have a mechanism to lock and prevent access to the hard drive.V-6806HIGHThe device is not configured to prevent non-printer administrators from altering the global configuration of the device.V-6807HIGHThe device must be supported by the vendor.V-97711MEDIUMThe MFD must be configured to prohibit the use of all unnecessary and/or nonsecure functions, physical and logical ports, protocols, and/or services.