SHPT-00-000240 – SharePoint must retain the notification message or banner on the screen until users take explicit actions to log on to or further access.

Details

To establish acceptance of system usage policy, a click-through banner at application logon is required. The banner shall prevent further activity on the application unless and until the user executes a positive action to agree by clicking on a box indicating ‘OK’ or agreement with the terms of the banner. The text of this banner should be customizable in the event of future user agreement changes.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Configure the SharePoint Web application home page to not allow any further access until the user executes a positive action to agree.

Supportive Information

The following resource is also helpful.

https://iasecontent.disa.mil/stigs/zip/U_MS_SharePoint_2010_V1R9_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Windows.

References

800-53|AC-8b.
CAT|II
CCI|CCI-000050
Rule-ID|SV-36431r1_rule
STIG-ID|SHPT-00-000240
Vuln-ID|V-28254

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles