...
MAC Address |
|
IP Address |
|
Machine Name |
|
Asset Tag |
|
Administrator Name |
|
Date |
|
Preparation and Installation |
|
|
|
|
|
|
| ||
Step | ? | To Do | MFD | UT Note | Cat I | Cat II/III | Min Std | ||
|
| Preparation and Installation |
|
|
|
|
| ||
---|---|---|---|---|---|---|---|---|---|
1 |
| If machine is a new install, protect it from hostile network traffic, until the operating system is installed and hardened. |
| ! |
| 5.1 | |||
|
| Network Protocols |
|
|
|
|
| ||
2 |
| Disable all protocols other than IP if they are not being utilized. | 01.001 | ! |
| ||||
3 |
| Assign the MFP a static IP address. | 01.002 | ! |
|
| |||
4 |
| Restrict printing/copying/faxing/scanning to the minimum number of subnets practical for the device to function for its group of users. | 01.003 |
| ! |
| |||
5 |
| Use secure communications. |
| ! |
| 5.6 | |||
|
| Management Services |
|
|
|
|
| ||
6 |
| Change default passwords and SNMP community strings. | 02.001 |
| ! | ! | |||
7 |
| Ensure the MFD maintains its configuration state after power-down or reboot. If a full reset is performed, ensure that a process is in place to reconfigure the MFD back to its production state. | 02.002 |
| ! |
|
| ||
8 |
| Disable unneeded management protocols. | 02.003 | ! |
| ||||
9 |
| Upgrade to patched firmware expediently, in a manner consistent with change control processes. | 02.004 |
| ! | ! | |||
10 |
| Utilize automated patching notification, if available. |
| ! | ! | ||||
11 |
| Only allow specific, trusted subnets or hosts to manage the MFD. | 02.005 |
| ! |
| |||
|
| Print/Copy/Scan/Fax Services |
|
|
|
|
|
| |
12 |
| Limit print/copy/fax/scan services to required protocols. | 03.001 | ! |
| ||||
13 |
| If hard disk functionality is enabled, configure the MFD to remove spooled files, images, and other temporary data using a secure overwrite between jobs. | 07.001 | ! |
|
| |||
14 |
| Ensure that the MFD provides secure storage for Cat-I data. |
| ! |
| 5.7 | |||
|
| Logging |
|
|
|
|
| ||
15 |
| Ensure that logging is enabled on MFDs. | 06.001 |
| ! |
| |||
16 |
| Logs are reviewed on a regular basis. | 06.006 |
| ! |
| |||
17 |
| Logs follow data retention policies. |
|
| ! |
| 6.3 | ||
|
| Physical Security |
|
|
|
|
| ||
18 |
| Physically secure the MFD in areas with restricted access. |
| ! |
| ||||
19 |
| Lock and prevent access to the hard disk. | 08.001 | ! |
| ||||
20 |
| Ensure that only printer administrators can modify the global configuration from the console by requiring a password. | 08.002 |
| ! |
|
...