SharePoint must be configured to display the banner, when appropriate, before granting further access.

From SharePoint 2010 Security Technical Implementation Guide (STIG)

Part of SRG-APP-000070-COL-000053

Associated with IA controls: ECWM-1

Associated with: CCI-001384 CCI-001385 CCI-001386 CCI-001387 CCI-001388

SV-36432r1_rule SharePoint must be configured to display the banner, when appropriate, before granting further access.

Vulnerability discussion

Applications are required to display the following information:(i) displays the system use information when appropriate, before granting further access; (ii) displays references, if any, to monitoring, recording, or auditing consistent with privacy accommodations for such systems that generally prohibit those activities; and (iii) includes in the notice given to public users of the information system, a description of the authorized uses of the system.System use notification messages can be implemented in the form of warning banners displayed when individuals login to the information system. System use notification is intended only for information system access including an interactive login interface with a human user and is not intended to require notification when an interactive interface does not exist.

Check content

1. Obtain a list of all publicly accessible SharePoint application(s). 2. Open a Web browser and point it to each SharePoint publicly accessible applications. 3. Verify a DoD warning banner is displayed on the home page of each publicly accessible application. 4. If a DoD warning banner is not displayed on the home page of each publicly accessible SharePoint application, this is a finding.

Fix text

Configure publicly accessible SharePoint Web applications home page to display a DoD warning banner before logging in.

Pro Tips

Powered by sagemincer