SP13-00-000045 - SharePoint must display an approved system use notification message or banner before granting access to the system.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Applications are required to display an approved system use notification message or banner before granting access to the system providing privacy and security notices consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance and stating that:

(i) users are accessing a U.S. Government information system;
(ii) system usage may be monitored, recorded, and subject to audit;
(iii) unauthorized use of the system is prohibited and subject to criminal and civil penalties; and
(iv) the use of the system indicates consent to monitoring and recording.

System use notification messages can be implemented in the form of warning banners displayed when individuals log on to the information system.

System use notification is intended only for information system access including an interactive logon interface with a human user and is not intended to require notification when an interactive interface does not exist.

Use this banner for desktops, laptops, and other devices accommodating banners of 1300 characters. The banner shall be implemented as a click-through banner at logon (to the extent permitted by the operating system), meaning it prevents further activity on the information system unless and until the user executes a positive action to manifest agreement by clicking on a box indicating 'OK'.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Configure the SharePoint web application's home page to display the authorized DoD warning banner text on or before the logon page.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_SharePoint_2013_V2R2_STIG.zip

Item Details

References: CAT|II, CCI|CCI-000048, Rule-ID|SV-223246r612235_rule, STIG-ID|SP13-00-000045, STIG-Legacy|SV-74379, STIG-Legacy|V-59949, Vuln-ID|V-223246

Plugin: Windows

Control ID: 3de979aacd460256491e5b86ec0974fe244ed1c0fd838e37d5486369871c8f57