ISM-0590

Authentication measures for MFDs are the same strength as those used for workstations on networks they are connected to.

Topic
Authenticating to multifunction devices
Applicable to
all

History

Priority
must
Jun 2023
Authentication measures for MFDs are the same strength as those used for workstations on networks they are connected to.
The existing control, which required that controls for MFDs connected to networks be of a similar strength to those for other devices, was amended to clarify that it relates to user authentication. For example, if multi-factor authentication is implemented for workstations on a network, it should also be implemented for MFDs.
Jun 2022
Controls for MFDs connected to networks are of a similar strength to those for other devices on networks.
Miscellaneous changes were made to rationale and recommendations throughout the publication to clarify content. This included the adoption of ‘control’ terminology, in preference to ‘security control’ terminology, to allow for the capture of other types of controls in the future, such as privacy controls, in addition to security controls.
In addition, formatting changes were made to the system security plan annex template and the cloud controls matrix template in order to increase their alignment, such as the inclusion of an ‘implementation status’ column within the system security plan annex template. Furthermore, a new ‘responsible entity’ column was added to both templates in order to capture information on the responsible system (in the case of inherited controls) or responsible vendor (in the case of multi-vendor systems) that are responsible for the implementation of controls. Note, this column can also be used to capture information on teams or individuals that are responsible for the implementation of controls if desired.
Mar 2022
Security controls for MFDs connected to networks are of a similar strength to those for other devices on networks.
Miscellaneous changes were made to rationale and recommendations throughout the publication to clarify content without changing intent. This included a review from the Guidelines for System Hardening chapter through to the Guidelines for Data Transfers chapter.
Dec 2019
Security controls for MFDs connected to a network are of a similar strength to those for other devices on the network.
Security control 0590 was modified to remove overlap with other gateway security controls.
Nov 2019
Where MFDs connected to computer networks have the ability to communicate via a gateway to another network:
• each MFD applies user identification, authentication and audit functions for all information communicated by that device
• security controls are of similar strength to those specified for workstations on that network
• each gateway can identify and filter information in accordance with the security controls for the export of data via a gateway.
2017
Where MFDs connected to computer networks have the ability to communicate via a gateway to another network, agencies should ensure that:
• each MFD applies user identification, authentication and audit functions for all information communicated by that device
• these mechanisms are of similar strength to those specified for workstations on that network
• each gateway can identify and filter the information in accordance with the requirements for the export of data via a gateway.
Control text changed. No public explanation.
2015
Where MFDs connected to computer networks have the ability to communicate via a gateway to another network, agencies must ensure that:
• each MFD applies user identification, authentication and audit functions for all information communicated by that device
• these mechanisms are of similar strength to those specified for workstations on that network
• each gateway can identify and filter the information in accordance with the requirements for the export of data via a gateway.
2010
Where MFDs connected to computer networks have the ability to communicate via a gateway to another network, agencies must ensure:
• each MFD applies user identification, authentication and audit functions for all information communicated by that device
• these mechanisms are of similar strength to those specified for workstations on that network
• each gateway can identify and filter the information in accordance with the requirements for the export of data via a gateway.
2008
Where network connected MFDs have the ability to communicate information via a gateway to another network, agencies must ensure that:
a. each MFD applies user identification, authentication and audit functions for all information communicated by system users from that device
b. these mechanisms are of similar strength to those specified for workstations on that network
c. the gateway can identify and filter the information in accordance with the requirements for the export of data.