
"Who can view the membership of the group?" must be set to [Group Members] when creating new site groups.


Overview

Finding ID: V-29374
Version: SHPT-00-000198
Rule ID: SV-38152r1_rule
IA Controls: ECLP-1
Severity: Medium
Description
The alternative to this recommendation is to allow everyone to view the members of the group. In some situations, however, knowing the membership of a group can reveal other sensitive information. This might be the case in a collaborative environment in which people from different functional organizations are members of the same group to accomplish some team objective. In such a case, knowing the membership of the group could reveal part or all of that objective, which may be sensitive information.
STIG Date
SharePoint 2010 Security Technical Implementation Guide (STIG) 2011-12-20

Details

Check Text (C-37522r1_chk)
1. Log on to SharePoint Central Administration as a member of the Farm Administration Group.
2. Select Site Actions > Site Settings > People and Groups.
3. Select Settings > Group Settings.
4. For each group listed, navigate to the "Who can view the membership of the group?" section.
5. If the "Group Members" option is not selected, this is a finding.

Fix Text (F-32770r1_fix)
1. Log on to SharePoint Central Administration as a member of the Farm Administration Group.
2. Select Site Actions > Site Settings > People and Groups.
3. Select Settings > Group Settings.
4. For each group listed:
- Navigate to the "Who can view the membership of the group?" section.
- Select Group Members.
- Select "OK".
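
The check and fix above can also be run from the SharePoint 2010 Management Shell instead of clicking through each group. The following script is an added example, not part of the STIG; it goes beyond the single site in the steps by walking every site collection in the farm. It assumes it runs on a farm server under a farm administrator account, and the function name Test-GroupMembershipVisibility is hypothetical.

```powershell
# Added example, not part of the STIG text.
# Assumption: run on a farm server in the SharePoint 2010 Management Shell
# (PowerShell 2.0) with a farm administrator account.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Hypothetical helper name chosen for this example.
function Test-GroupMembershipVisibility {
    param(
        [switch]$Remediate   # when set, apply the Fix Text to each finding
    )
    foreach ($site in (Get-SPSite -Limit All)) {
        try {
            foreach ($group in $site.RootWeb.SiteGroups) {
                # SPGroup.OnlyAllowMembersViewMembership:
                #   $true  = "Group Members" (compliant)
                #   $false = "Everyone"      (finding)
                $status = 'Compliant'
                if (-not $group.OnlyAllowMembersViewMembership) {
                    $status = 'Finding'
                    if ($Remediate) {
                        $group.OnlyAllowMembersViewMembership = $true
                        $group.Update()
                        $status = 'Remediated'
                    }
                }
                # One record per group so results can be filtered or exported.
                New-Object PSObject -Property @{
                    SiteUrl = $site.Url
                    Group   = $group.Name
                    Status  = $status
                }
            }
        }
        finally {
            # SPSite holds unmanaged resources; release it after each pass.
            $site.Dispose()
        }
    }
}

# Report only (Check Text): list groups that are findings.
Test-GroupMembershipVisibility | Where-Object { $_.Status -eq 'Finding' }

# Apply the Fix Text and keep a record of what changed:
# Test-GroupMembershipVisibility -Remediate |
#     Export-Csv -NoTypeInformation .\V-29374-results.csv
```

Because the finding concerns groups created with the wrong setting, rerunning the report after new sites or groups are provisioned catches any that were not set to Group Members at creation.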