4.1 Ensure SharePoint displays an approved system use notification message or banner before granting access to the system.

Information

SharePoint web applications must display an approved system use notification message or banner before granting access.
Rationale:
Applications are required to display an approved system use notification message or banner before granting access to the system. The banner provides privacy and security notices consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Configure all SharePoint web applications to display the authorized warning banner text at session start. There are many ways to ensure that the warning banner text is shown to the user when using the web application. The following is only one such method.
For each existing SharePoint site or web application:
1. Verify that a global.asax file exists in each SharePoint web application root directory.
2. Create a backup of the global.asax file in a safe location.
3. Create a banner page resource file within the web application directories that displays the authorized warning banner text and then redirects the user back to the web application.
4. Modify the web application global.asax file to add a Session_Start method that redirects the user to the banner page resource created in step 3.

The created banner page resource should successfully display the banner upon the start of a new session and redirect the user to the web application afterwards.
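
The following PowerShell script is an added example, not part of the benchmark or of any SharePoint tooling. For each web application root directory it confirms that global.asax exists (step 1), takes a timestamped backup (step 2), and checks for the banner page and a Session_Start redirect to it (steps 3 and 4). The parameter names, the function name Test-BannerHook and the banner file name banner.aspx are assumptions.

```powershell
# Added example, not from the benchmark. Assumptions: the operator supplies the
# web application root directories and a backup folder; 'banner.aspx' is a
# hypothetical name for the banner page created in step 3.
param(
    [Parameter(Mandatory)] [string[]] $WebAppRoot,
    [Parameter(Mandatory)] [string]   $BackupDir,
    [string] $BannerPage = 'banner.aspx'
)

function Test-BannerHook {
    param([string] $Root, [string] $BackupDir, [string] $BannerPage)

    $asax   = Join-Path $Root 'global.asax'
    $result = [ordered]@{
        Root = $Root; GlobalAsax = $false; BackupPath = $null
        BannerPageFound = $false; SessionStart = $false; RedirectsToBanner = $false
    }

    # Step 3: the banner page exists somewhere under the web application root.
    $result.BannerPageFound = [bool](Get-ChildItem -LiteralPath $Root -Recurse -File `
        -Filter $BannerPage -ErrorAction SilentlyContinue | Select-Object -First 1)

    # Step 1: global.asax must exist in the root directory.
    if (Test-Path -LiteralPath $asax -PathType Leaf) {
        $result.GlobalAsax = $true

        # Step 2: timestamped backup, taken before anyone edits the file.
        New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
        $name = '{0}-global.asax-{1:yyyyMMddHHmmss}.bak' -f (Split-Path $Root -Leaf), (Get-Date)
        $dest = Join-Path $BackupDir $name
        Copy-Item -LiteralPath $asax -Destination $dest
        $result.BackupPath = $dest

        # Step 4: text heuristic for a Session_Start handler that redirects to the banner page.
        $text = Get-Content -LiteralPath $asax -Raw
        $result.SessionStart      = $text -match '(?i)\bSession_Start\s*\('
        $result.RedirectsToBanner = $text -match ('(?i)Redirect\s*\([^)]*' + [regex]::Escape($BannerPage))
    }
    [pscustomobject]$result
}

$report = foreach ($root in $WebAppRoot) { Test-BannerHook $root $BackupDir $BannerPage }
$report | Format-Table -AutoSize
# Non-zero exit code when any web application fails a check.
$failed = @($report | Where-Object { -not ($_.GlobalAsax -and $_.BannerPageFound -and $_.SessionStart -and $_.RedirectsToBanner) })
exit $failed.Count
```

A text match only shows that the hook is present in global.asax, and ASP.NET raises Session_Start only when session state is enabled for the web application. Confirm the result by opening the site in a fresh browser session and checking that the banner appears before the site content.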

See Also

https://workbench.cisecurity.org/files/2031

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-8a., CSCv6|16

Plugin: Windows

Control ID: 7d8bf37eebfc63ae95d67ba1ce3b0989a4f9e4296c76f909568bdcad92cf4b2a