
The privilege to edit group membership must be restricted to authorized individuals.


Overview

Finding ID: V-29372
Version: SHPT-00-000196
Rule ID: SV-38147r1_rule
IA Controls: ECLP-1
Severity: Medium
Description
Adding and removing group members may have security implications for the sites to which the group has access. Inadvertent addition of members to, or deletion of members from, groups may endanger the security of the site. Only the owner of the group should have this capability. Careless addition or removal of group members can have negative security implications for the sites to which the group has access. If only the owner of the group can edit the group's membership, the risk of having undesired members in the group is significantly reduced.
STIG: SharePoint 2010 Security Technical Implementation Guide (STIG)
Date: 2011-12-20

Details

Check Text (C-37518r1_chk)
1. Log on to SharePoint Central Administration as a member of the Farm Administration Group.
2. Select Site Actions > Site Settings > People and Groups.
3. Select Settings > Group Settings.
4. For each group listed, navigate to the “Who can edit membership of the group?” section.
5. If the “Group Owner” option is not selected, this is a finding.
Fix Text (F-32765r1_fix)
1. Log on to SharePoint Central Administration as a member of the Farm Administration Group.
2. Select Site Actions > Site Settings > People and Groups.
3. Select Settings > Group Settings.
4. For each group listed:
- Navigate to “Who can edit membership of the group?”
- Select Group Owner.
- Select “OK”.
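
The check and fix above can be scripted across every site collection in the farm. The following is an added example, not part of the STIG; it assumes the “Who can edit membership of the group?” setting corresponds to the `SPGroup.AllowMembersEditMembership` property, and `Test-GroupMembershipEditors` is a hypothetical helper name.

```powershell
# Added example (not part of the STIG). Run in the SharePoint 2010 Management
# Shell as a farm administrator. Assumes the "Who can edit membership of the
# group?" setting is SPGroup.AllowMembersEditMembership ($false = Group Owner).
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Test-GroupMembershipEditors {   # hypothetical helper name
    param(
        [switch]$Remediate   # also apply the fix text: set each group to "Group Owner"
    )
    foreach ($site in Get-SPSite -Limit All) {
        try {
            # SharePoint groups are scoped to the site collection, so the
            # root web's SiteGroups collection covers every group in it.
            foreach ($group in @($site.RootWeb.SiteGroups)) {
                # Compliant groups (owner-only editing) are skipped.
                if (-not $group.AllowMembersEditMembership) { continue }
                $fixed = $false
                if ($Remediate) {
                    $group.AllowMembersEditMembership = $false
                    $group.Update()
                    $fixed = $true
                }
                # One record per non-compliant group, for the audit trail.
                New-Object PSObject -Property @{
                    FindingID  = 'V-29372'
                    Site       = $site.Url
                    Group      = $group.Name
                    Remediated = $fixed
                }
            }
        }
        catch {
            # A site that cannot be read is reported, not silently passed.
            Write-Warning "Could not inspect $($site.Url): $($_.Exception.Message)"
        }
        finally {
            $site.Dispose()
        }
    }
}

# Report only; an empty result means no group violates this rule.
Test-GroupMembershipEditors | Format-Table Site, Group, Remediated -AutoSize
```

Review the report before calling `Test-GroupMembershipEditors -Remediate`, since the switch changes the setting on every listed group.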