UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The “Automatically delete the site collection if use is not confirmed” property must not be enabled for web applications.


Overview

Finding ID Version Rule ID IA Controls Severity
V-29363 SHPT-00-000127 SV-38109r1_rule EBBD-1 EBBD-2 EBBD-3 Medium
Description
Automatic deletion is an administrative feature that can delete unused sites without administrative intervention and without a backup mechanism. Automatic deletion permanently removes all content and information from the site collection and any sites beneath it. If the site collection administrator or secondary site collection administrator fails to confirm a site is still in use when receiving an email notification asking if the site is still in use, the site is automatically deleted. This could result in a Denial-of-Service to the users of that site. Also, data could be lost if a backup was not made prior to removing the site collection.
STIG Date
SharePoint 2010 Security Technical Implementation Guide (STIG) 2011-12-20

Details

Check Text ( C-37482r1_chk )
1. Log on to SharePoint 2010 Central Administration.
2. Navigate to Application Management > Site Collections.
3. Select “Confirm site use and deletion”.
4. Repeat the following steps for each web application:
- Select the web application.
- Verify that the "Automatically delete the site collection if use is not confirmed" checkbox is not checked.
5. Mark as a finding if the checkbox is checked for any active application on the SharePoint farm.
Fix Text (F-32729r1_fix)
Disable the "Automatically delete the site collection if use is not confirmed" property for each web application.

1. Logon to SharePoint 2010 Central Administration.
2. Navigate to Application Management > Site Collections.
3. Select “Confirm site use and deletion”.
4. Repeat the following steps for each web application:
5. Select the web application.
6. Deselect the "Automatically delete the site collection if use is not confirmed" checkbox.