Title

SharePoint must be configured to display the banner, when appropriate, before granting further access. (Cat II impact)

Discussion

Applications are required to display the following information: (i) displays the system use information when appropriate, before granting further access; (ii) displays references, if any, to monitoring, recording, or auditing consistent with privacy accommodations for such systems that generally prohibit those activities; and (iii) includes in the notice given to public users of the information system, a description of the authorized uses of the system. System use notification messages can be implemented in the form of warning banners displayed when individuals login to the information system. System use notification is intended only for information system access including an interactive login interface with a human user and is not intended to require notification when an interactive interface does not exist.

Check Content

1. Obtain a list of all publicly accessible SharePoint application(s). 2. Open a Web browser and point it to each SharePoint publicly accessible applications. 3. Verify a DoD warning banner is displayed on the home page of each publicly accessible application. 4. If a DoD warning banner is not displayed on the home page of each publicly accessible SharePoint application, this is a finding.

Fix Text

Configure publicly accessible SharePoint Web applications home page to display a DoD warning banner before logging in.

Additional Identifiers

Rule ID: SV-36432r1_rule

Vulnerability ID: V-28256

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.