Details
Applications are required to display an approved system use notification message or banner before granting access to the system providing privacy and security notices consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance and stating that:
(i) users are accessing a U.S. Government information system;
(ii) system usage may be monitored, recorded, and subject to audit;
(iii) unauthorized use of the system is prohibited and subject to criminal and civil penalties; and
(iv) the use of the system indicates consent to monitoring and recording.
System use notification messages can be implemented in the form of warning banners displayed when individuals log on to the information system.
System use notification is intended only for information system access including an interactive logon interface with a human user and is not intended to require notification when an interactive interface does not exist.
Use this banner for desktops, laptops, and other devices accommodating banners of 1300 characters. The banner shall be implemented as a click-through banner at logon (to the extent permitted by the operating system), meaning it prevents further activity on the information system unless and until the user executes a positive action to manifest agreement by clicking on a box indicating ‘OK’.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
Configure the SharePoint web application’s home page to display the authorized DoD warning banner text on or before the logon page.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Windows.
References
- 800-53|AC-8a.
- CAT|II
- CCI|CCI-000048
- Rule-ID|SV-223246r612235_rule
- STIG-ID|SP13-00-000045
- STIG-Legacy|SV-74379
- STIG-Legacy|V-59949
- Vuln-ID|V-223246