UCF STIG Viewer Logo

The “Automatically delete the site collection if use is not confirmed” property must not be enabled for web applications.


Overview

Finding ID Version Rule ID IA Controls Severity
V-29363 SHPT-00-000127 SV-38109r2_rule Medium
Description
Automatic deletion is an administrative feature that can delete unused sites without administrative intervention and without a backup mechanism. Automatic deletion permanently removes all content and information from the site collection and any sites beneath it. If the site collection administrator or secondary site collection administrator fails to confirm a site is still in use when receiving an email notification asking if the site is still in use, the site is automatically deleted. This could result in a Denial-of-Service to the users of that site. Also, data could be lost if a backup was not made prior to removing the site collection.
STIG Date
MS SharePoint 2010 Security Technical Implementation Guide 2019-01-02

Details

Check Text ( C-37482r2_chk )
1. In SharePoint Central Administration, click Application Management.
2. On the Application Management page, in the Site Collections list, click Confirm site use and delegation.
3. Repeat the following steps for each web application:
- Select the web application.
- Verify that the "Automatically delete the site collection if use is not confirmed" checkbox is not checked.
4. Mark as a finding if the checkbox is checked for any active application on the SharePoint farm.
Fix Text (F-32729r4_fix)
Disable the "Automatically delete the site collection if use is not confirmed" property for each web application.

1. In Central Administration, click Application Management.
2. On the Application Management page, in the Site Collections list, click Confirm site use and deletion.
3. Repeat the following steps for each web application:
- Select the web application.
- Deselect the "Automatically delete the site collection if use is not confirmed" checkbox.