Check: SHPT-00-000810
MS SharePoint 2010 STIG:
SHPT-00-000810
(in version v1 r9)
Title
SharePoint must identify potentially security-relevant error conditions. (Cat II impact)
Discussion
The error messages and usage data to be monitored should be carefully considered. The extent to which the application is able to identify and handle error conditions is guided by organizational policy and operational requirements. Usage and Health Data Collection Service Application collects data about usage and health of your farm. This information is used for Health Monitoring and this is also required for running the Web Analytics Service. If there is no Usage and Health Data Collection Service Application or the Usage and Health Data Collection Proxy is stopped, the Web Analytics Report will not show any data. SharePoint Usage and Health Data Collection Service Application must be enabled in order to detect potential security errors. The usage and health data settings are farm-wide and cannot be set for individual servers in the farm.
Check Content
1. In SharePoint Central Administration, click Monitoring. 2. On the Monitoring page, in the Reporting list, click Configure usage and health data collection. 3. On the Configure web analytics and health data collection page, in the Usage Data Collection section, verify Enable usage data collection is checked. 4. In the Health Data Collection section, verify Enable health data collection is checked. 5. Mark as a finding if Enable usage data collection and Enable health data collection are not checked.
Fix Text
Enable and configure the Usage and Health Data Collection Service Application. 1. In SharePoint Central Administration, click Monitoring. 2. On the Monitoring page, in the Reporting list, click Configure usage and health data collection. 3. On the Configure web analytics and health data collection page, in the Usage Data Collection section, check the box for Enable usage data collection. 4. In the Health Data Collection section, check the box for Enable health data collection. 5. Click OK.
Additional Identifiers
Rule ID: SV-36713r2_rule
Vulnerability ID: V-28026
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001312 |
The information system generates error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries. |
Controls
Number | Title |
---|---|
SI-11 |
Error Handling |