STIGQter: STIG Summary: Microsoft SharePoint 2013 Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:

SharePoint must terminate user sessions upon user logoff, and when idle time limit is exceeded.

DISA Rule

SV-223258r612235_rule

Vulnerability Number

V-223258

Group Title

SRG-APP-000220

Rule Version

SP13-00-000115

Severity

CAT I

CCI(s)

• CCI-001185 - The information system invalidates session identifiers upon user logout or other session termination.

Weight

10

Fix Recommendation

Configure the SharePoint server to terminate user sessions upon user logoff, and when idle time limit is exceeded.

Navigate to Central Administration website.

Click "Application Management".

Click "Manage Web Applications".

Repeat the following steps for each web application:
-Select the web application.
-Click "General Settings" in the "Web Application" ribbon.
-In the "Web Page Security Validation" section, set "Security Validation:" to "On" and that the "Security Validation Expires:" setting is set to 15 minutes.

Check Contents

Review the SharePoint server configuration to ensure user sessions are terminated upon user logoff, and when idle time limit is exceeded.

Navigate to Central Administration website.

Click "Application Management".

Click "Manage Web Applications".

Repeat the following steps for each web application:
-Select the web application.
-Click "General Settings" in the "Web Application" ribbon.
-In the "Web Page Security Validation" section, verify that "Security Validation is:" is set to "On" and that the "Security Validation Expires:" setting is set to 15 minutes.

Otherwise, this is a finding.

Vulnerability Number

V-223258

Documentable

False

Rule Version

SP13-00-000115

Severity Override Guidance

Review the SharePoint server configuration to ensure user sessions are terminated upon user logoff, and when idle time limit is exceeded.

Navigate to Central Administration website.

Click "Application Management".

Click "Manage Web Applications".

Repeat the following steps for each web application:
-Select the web application.
-Click "General Settings" in the "Web Application" ribbon.
-In the "Web Page Security Validation" section, verify that "Security Validation is:" is set to "On" and that the "Security Validation Expires:" setting is set to 15 minutes.

Otherwise, this is a finding.

Check Content Reference

M

Target Key

4096

Comments