A secondary SharePoint site collection administrator must be defined when creating a new site collection.

From MS SharePoint 2013 Security Technical Implementation Guide

Part of SRG-APP-000062

Associated with: CCI-000366

SV-74437r1_rule A secondary SharePoint site collection administrator must be defined when creating a new site collection.

Vulnerability discussion

If a site reaches its maximum size, users will be denied access until an administrator fixes the problem. Having a secondary administrator reduces the risk of having a Denial-of-Service on a site. If the site reaches its maximum size, the secondary administrator can fix the problem if the primary administrator is not available. In some situations, having a secondary site administrator could be inappropriate for reasons of control or confidentiality.

Check content

Review the SharePoint server to ensure a secondary site collection administrator is defined when creating a new site collection. Log on to SharePoint Central Administration as a member of the Farm Administration Group. Click on "Application Management". Select "Site Collections" >> Change Site Collections Administrator. For each Site Collections, review Secondary Site Collection Administrator. If Secondary Site Collection Administrator is not defined, this is a finding.

Fix text

Configure a secondary SharePoint site collection administrator when creating a new site collection. Log on to SharePoint Central Administration as a member of the Farm Administration Group. Click on "Application Management". Select "Site Collections" >> Change Site Collections Administrator. For each site, define a Secondary Site Collection Administrator. Select "OK".

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer