IIST-SI-000264 - The required DoD banner page must be displayed to authenticated users accessing a DoD private website.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

A consent banner will be in place to inform prospective entrants the website they are about to enter is a DoD website and their activity is subject to monitoring. The document, DoDI 8500.01, establishes the policy on the use of DoD information systems. It requires the use of a standard Notice and Consent Banner and standard text to be included in user agreements. The requirement for the banner is for websites with security and access controls. These are restricted and not publicly accessible. If the website does not require authentication/authorization for use, then the banner does not need to be present. A manual check of the document root directory for a banner page file (such as banner.html) or navigation to the website via a browser can be used to confirm the information provided from interviewing the web staff.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Configure a DoD private website to display the required DoD banner page when authentication is required for user access.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_IIS_10-0_Y24M07_STIG.zip

Item Details

References: CAT|II, CCI|CCI-000366, Rule-ID|SV-218782r879887_rule, STIG-ID|IIST-SI-000264, STIG-Legacy|SV-109389, STIG-Legacy|V-100285, Vuln-ID|V-218782

Plugin: Windows

Control ID: 3946f515707de636d7988574fbfa1815da25c29984e26f1117d3766f8a9da0a9