STIGQter STIGQter: STIG Summary: MS SharePoint 2013 Security Technical Implementation Guide Version: 1 Release: 8 Benchmark Date: 25 Oct 2019: SharePoint must terminate user sessions upon user logoff, and when idle time limit is exceeded.

DISA Rule

SV-74407r1_rule

Vulnerability Number

V-59977

Group Title

SRG-APP-000220

Rule Version

SP13-00-000115

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Configure the SharePoint server to terminate user sessions upon user logoff, and when idle time limit is exceeded.

Navigate to Central Administration website.

Click "Application Management".

Click "Manage Web Applications".

Repeat the following steps for each web application:
-Select the web application.
-Click "General Settings" in the "Web Application" ribbon.
-In the "Web Page Security Validation" section, set "Security Validation:" to "On" and that the "Security Validation Expires:" setting is set to 15 minutes.

Check Contents

Review the SharePoint server configuration to ensure user sessions are terminated upon user logoff, and when idle time limit is exceeded.

Navigate to Central Administration website.

Click "Application Management".

Click "Manage Web Applications".

Repeat the following steps for each web application:
-Select the web application.
-Click "General Settings" in the "Web Application" ribbon.
-In the "Web Page Security Validation" section, verify that "Security Validation is:" is set to "On" and that the "Security Validation Expires:" setting is set to 15 minutes.

Otherwise, this is a finding.

Vulnerability Number

V-59977

Documentable

False

Rule Version

SP13-00-000115

Severity Override Guidance

Review the SharePoint server configuration to ensure user sessions are terminated upon user logoff, and when idle time limit is exceeded.

Navigate to Central Administration website.

Click "Application Management".

Click "Manage Web Applications".

Repeat the following steps for each web application:
-Select the web application.
-Click "General Settings" in the "Web Application" ribbon.
-In the "Web Page Security Validation" section, verify that "Security Validation is:" is set to "On" and that the "Security Validation Expires:" setting is set to 15 minutes.

Otherwise, this is a finding.

Check Content Reference

M

Target Key

2801

Comments