STIGQter: STIG Summary: Microsoft SharePoint 2013 Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:

SharePoint must allow designated organizational personnel to select which auditable events are to be audited by specific components of the system.

DISA Rule

SV-223247r612235_rule

Vulnerability Number

V-223247

Group Title

SRG-APP-000090

Rule Version

SP13-00-000055

Severity

CAT II

CCI(s)

• CCI-000171 - The information system allows organization-defined personnel or roles to select which auditable events are to be audited by specific components of the information system.

Weight

10

Fix Recommendation

Configure the SharePoint server configuration to allow designated organizational personnel to select which auditable events are to be audited by specific components of the system.

Navigate to Central Administration.

Click "Monitoring".

Click "Configure Diagnostic Logging".

Select the event categories and trace levels to match those defined by the organization's system security plan.

Remember that a base set of events is always audited.

Click "Ok".

Check Contents

Review the SharePoint server configuration to ensure designated organizational personnel are allowed to select which auditable events are to be audited by specific components of the system.

Navigate to Central Administration.

Click "Monitoring".

Click "Configure Diagnostic Logging".

Validate that the selected event categories and trace levels match those defined by the organization's system security plan.

Remember that a base set of events are always audited.

If the selected event categories/trace levels are inconsistent with those defined in the organization's system security plan, this is a finding.

Vulnerability Number

V-223247

Documentable

False

Rule Version

SP13-00-000055

Severity Override Guidance

Review the SharePoint server configuration to ensure designated organizational personnel are allowed to select which auditable events are to be audited by specific components of the system.

Navigate to Central Administration.

Click "Monitoring".

Click "Configure Diagnostic Logging".

Validate that the selected event categories and trace levels match those defined by the organization's system security plan.

Remember that a base set of events are always audited.

If the selected event categories/trace levels are inconsistent with those defined in the organization's system security plan, this is a finding.

Check Content Reference

M

Target Key

4096

Comments