...
Step - The step number in the procedure. If there is a UT Note for this step, the note # corresponds to the step #.
Check (√) - For the administrator to check off when she/he completes this portion.
To Do - Basic instructions on what to do to harden the respective system.
MFD - Reference number in the Defense Information Systems Agency document entitled Multi-Function Device (MFD) and Printer Checklist for Sharing Peripherals Across the Network.
UT Note - The UT Note at the bottom of the page provides additional detail about the step for the university computing environment.
Cat I - For systems that include Category-I data, required steps are denoted with the ! symbol. All steps are recommended.
Cat II/III - For systems that include Category-II or -III data, all steps are recommended, and some are required (denoted by the !).
Min Std - This column links to the specific requirement for the university in the Minimum Security Standards for Systems document.
...
MAC Address | |
IP Address | |
Machine Name | |
Asset Tag | |
Administrator Name | |
Date | |
Step | √ | To Do | MFD | UT Note | Cat I | Cat II/III | Min Std |
---|---|---|---|---|---|---|---|
| | Preparation and Installation | | | | | | |
1 |
| If machine is a new install, protect it from hostile network traffic, until the operating system is installed and hardened. |
| ! |
| ||
| | Network Protocols | | | | | | |
2 |
| Disable all protocols other than IP if they are not being utilized. | 01.001 | ! |
| ||
3 |
| Assign the MFP a static IP address. | 01.002 | ! |
|
| |
4 |
| Restrict printing/copying/faxing/scanning to the minimum number of subnets practical for the device to function for its group of users. | 01.003 |
| ! |
| |
5 |
| Use secure communications. |
| ! |
| ||
| | Management Services | | | | | | |
6 |
| Change default passwords and SNMP community strings. | 02.001 |
| ! | ! | |
7 |
| Ensure the MFD maintains its configuration state after power-down or reboot. If a full reset is performed, ensure that a process is in place to reconfigure the MFD back to its production state. | 02.002 |
| ! |
|
|
8 |
| Disable unneeded management protocols. | 02.003 | ! |
| ||
9 |
| Upgrade to patched firmware expediently, in a manner consistent with change control processes. | 02.004 |
| ! | ! | |
10 |
| Utilize automated patching notification, if available. |
| ! | ! | ||
11 |
| Only allow specific, trusted subnets or hosts to manage the MFD. | 02.005 |
| ! |
| |
| | Print/Copy/Scan/Fax Services | | | | | | |
12 |
| Limit print/copy/fax/scan services to required protocols. | 03.001 | ! |
| ||
13 |
| If hard disk functionality is enabled, configure the MFD to remove spooled files, images, and other temporary data using a secure overwrite between jobs. | 07.001 | ! |
|
| |
14 |
| Ensure that the MFD provides secure storage for Cat-I data. |
| ! |
| ||
| | Logging | | | | | | |
15 |
| Ensure that logging is enabled on MFDs. | 06.001 |
| ! |
| |
16 |
| Logs are reviewed on a regular basis. | 06.006 |
| ! |
| |
17 |
| Logs follow data retention policies. |
|
| ! |
| |
| | Physical Security | | | | | | |
18 |
| Physically secure the MFD in areas with restricted access. |
| ! |
| ||
19 |
| Lock and prevent access to the hard disk. | 08.001 | ! |
| ||
20 |
| Ensure that only printer administrators can modify the global configuration from the console by requiring a password. | 08.002 |
| ! |
|
...