IISW-SI-000264 - The required DoD banner page must be displayed to authenticated users accessing a DoD private website.

Information

A consent banner will be in place to make prospective entrants aware that the website they are about to enter is a DoD web site and their activity is subject to monitoring. The document, DoDI 8500.01, establishes the policy on the use of DoD information systems. It requires the use of a standard Notice and Consent Banner and standard text to be included in user agreements. The requirement for the banner is for websites with security and access controls. These are restricted and not publicly accessible. If the website does not require authentication/authorization for use, then the banner does not need to be present. A manual check of the document root directory for a banner page file (such as banner.html) or navigation to the website via a browser can be used to confirm the information provided from interviewing the web staff.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Configure a DoD private website to display the required DoD banner page when authentication is required for user access.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_IIS_8-5_Y23M10_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CAT|II, CCI|CCI-000366, Rule-ID|SV-214496r879887_rule, STIG-ID|IISW-SI-000264, STIG-Legacy|SV-91587, STIG-Legacy|V-76891, Vuln-ID|V-214496

Plugin: Windows

Control ID: 0e7e13e6569e57a12a382fdbec2ea282883ef71247d9465c1660f5a379bd22c2