Check: SHPT-00-000240
MS SharePoint 2010 STIG:
SHPT-00-000240
(in version v1 r9)
Title
SharePoint must retain the notification message or banner on the screen until users take explicit actions to log on to or further access. (Cat II impact)
Discussion
To establish acceptance of system usage policy, a click-through banner at application logon is required. The banner shall prevent further activity on the application unless and until the user executes a positive action to agree by clicking on a box indicating "OK" or agreement with the terms of the banner. The text of this banner should be customizable in the event of future user agreement changes.
Check Content
1. Obtain a list of all SharePoint Web applications.
2. Open a Web browser and navigate to the SharePoint Web application's home page.
3. Verify that no further access to the SharePoint Web application is possible until the user takes a positive action to agree (such as clicking on a box indicating "OK").
4. If further access to the SharePoint Web application is possible before a positive action to agree, this is a finding.
Fix Text
Configure the SharePoint Web application home page to not allow any further access until the user executes a positive action to agree.
Additional Identifiers
Rule ID: SV-36431r1_rule
Vulnerability ID: V-28254
Group Title:
CCIs
Number | Definition |
---|---|
CCI-000050 | The information system retains the notification message or banner on the screen until users acknowledge the usage conditions and take explicit actions to log on to or further access the information system. |
Controls
Number | Title |
---|---|
AC-8 | System Use Notification |