InformationSharePoint web applications must display an approved system use notification message or
banner before granting access.
Applications are required to display an approved system use notification message or
banner before granting access to the system providing privacy and security notices
consistent with applicable federal laws, Executive Orders, directives, policies, regulations,
standards, and guidance.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
SolutionConfigure all SharePoint web applications to display the authorized warning banner text at
session start. There are many ways to ensure that a warning banner text is shown to the
user when using the web application. The following is only one such method of doing so.
For each existing SharePoint site or web application:
1. Verify that a global.asax file exists in each SharePoint web application root directory.
2. Create a back-up on the global.asax file in a safe location.
3. Create a banner page resource file within the web application directories, created to
display the authorized warning banner text and redirects the user back to the web
4. Modify the web application global.asax file to add a Session_Start method that
redirects the user to the banner page resource created from step 3.
The created banner page resource should successfully display the banner upon the start of
a new session and redirect the user to the web application afterwards.