Back

Configure attached printers and shared printers.


CONTROL ID
04499
CONTROL TYPE
Configuration
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain system hardening procedures., CC ID: 12001

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Concrete measures to prevent illegal and unauthorized actions and protect secrecy when creating and handling output information include measures against illegal action, such as, for printer output, nominating persons to be in charge of printing and specifying restrictions and restricting the extent … (O37.3(2).2, FISC Security Guidelines on Computer Systems for Banking and Related Financial Institutions, 7th Edition)
  • Use the secure print/pull print feature if provided by the MFP. (Annex A2: Security for Printers, Copiers, Scanners and Fax Machines (MFPs) 22, Singapore(PDPC) Guide to Securing Personal Data in Electronic Medium, Revised 20 January 2017)
  • Printer sharing must be disabled on all wireless clients and remote access devices. (§ 4.1.5, § 4.1.6, DISA Secure Remote Computing Security Technical Implementation Guide, Version 1 Release 2)
  • Locally attached printers that have been configured to be shared should have the following share permissions set: Users - Print; Administrators - Print, Manage Printers, Manage Documents; SYSTEM - Print, Manage Printers, Manage Documents; and CREATOR OWNER - Print, Manage Printers, Manage Documents. (§ 5.1.4, DISA Windows Server 2003 Security Checklist, Version 6 Release 1.11)
  • All shared printers should have the following shared permissions set: Users: Print; Administrators: Print, Manage Printers, Manage Documents; SYSTEM: Print, Manage Printers, Manage Documents; and CREATOR OWNER: Print, Manage Printers, Manage Documents. (§ 3.4 (3.027), DISA Windows VISTA Security Checklist, Version 6 Release 1.11)
  • All locally attached printers that have been set up to be shared over the network should have these share permissions: Administrators: Print, Manage Printers, Manage Documents; Users: Print; SYSTEM: Print, Manage Printers, Manage Documents; and CREATOR OWNER: Print, Manage Printers, Manage Documents… (§ 5.1.4, DISA Windows XP Security Checklist, Version 6 Release 1.11)
  • Disable the scan to SMTP (email) feature on all MFDs. (MFD07.005, Multi-Function Device (MFD) and Printer Checklist for Sharing Peripherals Across the Network Security Technical Implementation Guide, Version 1 Release 1.3)
  • Do the procedures for client computers with wireless Network Interface Cards include disabling file sharing and printer sharing? (IT - WLANS Q 18c, Automated Integrated Regulatory Examination System (AIRES) IT Exam Questionnaires, version 073106A)