Printing security controls
Control : PRNT-2307
The configuration file (cupsd.conf) should be have limited file permissions. This reduces who can see the configuration of the CUPS daemon. Generally it should not be readable for normal users.
Control : PRNT-2308
Depending on the usage of the CUPS daemon, listening on the network should be limited. If the daemon is used a local spooler, it should be configured to listen on localhost only.