SharePoint must terminate the network connection associated with a communications session at the end of the session or after an organization-defined time period of inactivity.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-28071 | SHPT-00-000645 | SV-37794r1_rule | DCBP-1 | Medium |
| Description |
|---|
| This requirement applies to both internal and external networks. Terminating network connections associated with communications sessions include, de-allocating associated TCP/IP address/port pairs at the operating-system level, or de-allocating networking assignments at the application level if multiple application sessions are using a single operating system-level network connection. The time period of inactivity may, as the organization deems necessary, be a set of time periods by type of network access or for specific accesses. |
| STIG | Date |
|---|---|
| SharePoint 2010 Security Technical Implementation Guide (STIG) | 2011-12-20 |
Details
| Check Text ( C-37028r1_chk ) |
|---|
| 1. In Central Administration, navigate to Application Management -> Manage Applications. 2. Click a web application to view the configuration. 3. Click on General settings and verify Web Page Validation Setting is set to 10 minutes. 4. Mark as a finding if Web Page Validation Setting is set to a value greater than 10 minutes. |
| Fix Text (F-32295r1_fix) |
|---|
| 1. In Central Administration, navigate to Application Management -> Manage Applications. 2. Click a web application to view the configuration. 3. Click on General settings and set Web Page Validation to 10 minutes. |