From SharePoint 2013 Security Technical Implementation Guide
Part of SRG-APP-000090
Associated with: CCI-000171
Audit records can be generated from various components within the information system, such as network interfaces, hard disks, modems, etc. From an application perspective, certain specific application functionalities may be audited as well.
Review the SharePoint server configuration to ensure designated organizational personnel are allowed to select which auditable events are to be audited by specific components of the system. Navigate to Central Administration. Click "Monitoring". Click "Configure Diagnostic Logging". Validate that the selected event categories and trace levels match those defined by the organization's system security plan. Remember that a base set of events are always audited. If the selected event categories/trace levels are inconsistent with those defined in the organization's system security plan, this is a finding.
Configure the SharePoint server configuration to allow designated organizational personnel to select which auditable events are to be audited by specific components of the system. Navigate to Central Administration. Click "Monitoring". Click "Configure Diagnostic Logging". Select the event categories and trace levels to match those defined by the organization's system security plan. Remember that a base set of events is always audited. Click "Ok".
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer