Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-29363 | SHPT-00-000127 | SV-38109r2_rule | Medium |
Description |
---|
Automatic deletion is an administrative feature that can delete unused sites without administrative intervention and without a backup mechanism. Automatic deletion permanently removes all content and information from the site collection and any sites beneath it. If the site collection administrator or secondary site collection administrator fails to confirm a site is still in use when receiving an email notification asking if the site is still in use, the site is automatically deleted. This could result in a Denial-of-Service to the users of that site. Also, data could be lost if a backup was not made prior to removing the site collection. |
STIG | Date |
---|---|
MS SharePoint 2010 Security Technical Implementation Guide | 2018-04-02 |
Check Text ( C-37482r2_chk ) |
---|
1. In SharePoint Central Administration, click Application Management. 2. On the Application Management page, in the Site Collections list, click Confirm site use and delegation. 3. Repeat the following steps for each web application: - Select the web application. - Verify that the "Automatically delete the site collection if use is not confirmed" checkbox is not checked. 4. Mark as a finding if the checkbox is checked for any active application on the SharePoint farm. |
Fix Text (F-32729r4_fix) |
---|
Disable the "Automatically delete the site collection if use is not confirmed" property for each web application. 1. In Central Administration, click Application Management. 2. On the Application Management page, in the Site Collections list, click Confirm site use and deletion. 3. Repeat the following steps for each web application: - Select the web application. - Deselect the "Automatically delete the site collection if use is not confirmed" checkbox. |