SHPT-00-000445 - SharePoint must protect audit tools from unauthorized access - 'Verify Users and Groups with Full Control'

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Protecting audit data also includes identifying and protecting the tools used to view and manipulate log data. Depending upon the log format and application, system and application log tools may provide the only means to manipulate and manage application and system log data.

SharePoint is an integrated product with comprehensive built-in auditing capabilities working with the Windows system event log. Additional trace logs and usage logs are created by the application and are placed in a designated folder. Logs of actions taken by users of site content (editing, modifying, viewing, deleting, etc.), are stored in a SQL database.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Remove users and groups from the site administrator / site owner groups.
Remove unneeded identifiers from site collection administrators.

1. On the site home page, click Site Actions, and then click Site Settings.
2. On the Site Settings page, in the Users and Permissions list, click Site collection administrators.
3. Remove any non-site owner users or groups.
4. Click OK.

Change permissions on users and groups not requiring full site control.
1. On the site home page, click Site Actions, and then click Site Permissions.
2. Put users not requiring full control in groups with less privilege (i.e., Site contributor, site user).

See Also

http://iasecontent.disa.mil/stigs/zip/Oct2015/U_Sharepoint_2010_V1R7_STIG.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-9, CAT|II, CCI|CCI-001493, Rule-ID|SV-36599r2_rule, STIG-ID|SHPT-00-000445, Vuln-ID|V-28097

Plugin: Windows

Control ID: b9fc8edcd3bdb0c3a5a5076e20ad32fb89e3943253f68cfb8e12b1d83b983b65