800-53|SC-2(1)

Title

INTERFACES FOR NON-PRIVILEGED USERS

Description

The information system prevents the presentation of information system management-related functionality at an interface for non-privileged users.

Supplemental

This control enhancement ensures that administration options (e.g., administrator privileges) are not available to general users (including prohibiting the use of the grey-out option commonly used to eliminate accessibility to such information). Such restrictions include, for example, not presenting administration options until users establish sessions with administrator privileges.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Related: AC-3

Category: SYSTEM AND COMMUNICATIONS PROTECTION

Parent Title: APPLICATION PARTITIONING

Family: SYSTEM AND COMMUNICATIONS PROTECTION

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
SHPT-00-000690 - The Central Administration site must not be accessible from Extranet or Internet connections.	Windows	DISA STIG SharePoint 2010 v1r9
SHPT-00-000692 - Access to Central Administration site must be limited to authorized users and groups.	Windows	DISA STIG SharePoint 2010 v1r9
SP13-00-000150 - The SharePoint Central Administration site must not be accessible from Extranet or Internet connections.	Windows	DISA STIG SharePoint 2013 v2r3

Detections

Analytics