Details
Applications are required to display an approved system use notification message or banner before granting access to the system that provides privacy and security notices consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance and states:
(i) users are accessing a U.S. Government information system;
(ii) system usage may be monitored, recorded, and subject to audit;
(iii) unauthorized use of the system is prohibited and subject to criminal and civil penalties; and
(iv) use of the system indicates consent to monitoring and recording.
System use notification messages can be implemented in the form of warning banners displayed when individuals log in to the information system.
System use notification is intended only for information system access that includes an interactive login interface with a human user and is not intended to require notification when an interactive interface does not exist.
Use this banner for desktops, laptops, and other devices accommodating banners of 1300 characters. The banner shall be implemented as a click-through banner at logon (to the extent permitted by the operating system), meaning it prevents further activity on the information system unless and until the user executes a positive action to agree by clicking on a box indicating ‘OK’ or some other equivalent action.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
Configure the SharePoint web application’s home page to display the authorized DoD warning banner text on or before the login page.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Windows.
References
- 800-53|AC-8a.
- CAT|II
- CCI|CCI-000048
- Rule-ID|SV-36428r2_rule
- STIG-ID|SHPT-00-000235
- Vuln-ID|V-28252