ISM-0589, ASD Information Security Manual (ISM)

Limit Document Sensitivity on MFDs Based on Network Classification

Multifunction devices should not scan or copy documents that are more sensitive than the network they are connected to can handle.

Plain language

This control means making sure that office machines like printers and copiers (called Multifunction Devices, or MFDs) don't handle documents that are too sensitive for the network they're on. This matters because if a document is more sensitive than the network's security level, it could fall into the wrong hands, causing data breaches or revealing private information.

Framework

ASD Information Security Manual (ISM)

Control effect

Preventative

Classifications

NC, OS, P, S, TS

ISM last updated

May 2023

Control Stack last updated

19 May 2026

E8 maturity levels

N/A

Official control statement

MFDs are not used to scan or copy documents above the sensitivity or classification of networks they are connected to.

Why it matters

If an MFD scans or copies documents above the classification of the network it is connected to, sensitive content can traverse lower-classification networks and be stored on the device, causing data spills.

Operational notes

Configure MFD scan/copy limits to the connected network classification; disable higher-class modes and restrict scan-to paths (email/SMB/USB) to same-class destinations.

Implementation tips

  • Office managers should identify the classification level of the network that MFDs are connected to. This involves checking with IT staff or your service provider to determine if the network can handle documents classified as confidential or higher.
  • IT teams should configure MFDs to restrict access based on their network classification. This means setting up the MFD so it only scans or copies documents that match the network’s allowed sensitivity level, using the device’s built-in security features.
  • Office administrators should inform all staff about the sensitivity limits of documents that can be handled by MFDs. This can be done by sending out a memo or holding a brief training session explaining which documents can be safely scanned or copied.
  • Procurement teams should work with IT to purchase MFDs that support document sensitivity controls. Ensure the devices you buy can be programmed to block or alert users if they attempt to scan documents too sensitive for the connected network.
  • Regular audits should be set up by the compliance officer to ensure policy adherence. This means checking logs from the MFDs to see if any attempts to handle too-sensitive documents have been made and addressed accordingly.

Audit / evidence tips

  • Ask: The network classification policy documentation. Request to see the documents that define the sensitivity levels that networks can handle and which MFDs are connected to them. Good: Shows matched network and MFD classifications.
  • Ask: MFD configuration settings. Request the setup details of MFDs to ensure restrictions are applied correctly according to network classification. Good: Demonstrates clear restrictions for higher-sensitivity documents.
  • Ask: Employee training records. Request evidence that staff have been informed about MFD document handling rules. Good: Includes proof that staff were trained and understand the limitations.
  • Ask: To review MFD usage logs. Request the logs that show usage history on the MFDs to check for any attempts to handle overly sensitive documents. Good: Shows no incidents of policy breach.
  • Ask: To see purchasing records specifying MFD requirements. Request contracts or purchase orders that highlight the requirement for MFDs to have document sensitivity settings. Good: Shows proactively purchasing compliant devices.

Cross-framework mappings

How ISM-0589 relates to controls across ISO/IEC 27001, ISO/IEC 42001, Essential Eight, and ASD ISM.

ISO 27001

Partially meets (1)
  • Annex A 8.12: ISM-0589 requires that MFDs are not used to scan or copy documents above the sensitivity/classification of the network they are connected to

Partially overlaps (1)
  • Annex A 8.9: ISM-0589 requires controlling MFD configuration and use so higher-classified material is not scanned/copied on lower-classified networks

Supports (1)
  • Annex A 5.13: ISM-0589 requires MFD usage to be constrained so that scanning/copying does not occur for documents above the network’s classification

Depends on (1)
  • Annex A 5.12: ISM-0589 requires preventing MFD scanning/copying of documents above the sensitivity/classification of the connected network

These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.
