Title

A secondary SharePoint site collection administrator must be defined when creating a new site collection. (Cat III impact)

Discussion

If a site reaches its maximum size, users will be denied access until an administrator fixes the problem. Having a secondary administrator reduces the risk of having a Denial-of-Service on a site. If the site reaches its maximum size, the secondary administrator can fix the problem if the primary administrator is not available. In some situations, having a secondary site administrator could be inappropriate for reasons of control or confidentiality.

Check Content

Review the SharePoint server to ensure a secondary site collection administrator is defined when creating a new site collection. Log on to SharePoint Central Administration as a member of the Farm Administration Group. Click on "Application Management". Select "Site Collections" >> Change Site Collections Administrator. For each Site Collections, review Secondary Site Collection Administrator. If Secondary Site Collection Administrator is not defined, this is a finding.

Fix Text

Configure a secondary SharePoint site collection administrator when creating a new site collection. Log on to SharePoint Central Administration as a member of the Farm Administration Group. Click on "Application Management". Select "Site Collections" >> Change Site Collections Administrator. For each site, define a Secondary Site Collection Administrator. Select "OK".

Additional Identifiers

Rule ID: SV-223272r612235_rule

Vulnerability ID: V-223272

Group Title: SRG-APP-000516

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.