
"Who can view the membership of the group?" must be set to [Group Members] when creating new site groups.


Overview

Finding ID: V-29374
Version: SHPT-00-000198
Rule ID: SV-38152r1_rule
IA Controls: ECLP-1
Severity: Medium
Description
The alternative to this recommendation is to allow everyone to view the members of the group. In some situations, however, knowing the membership of a group can reveal other sensitive information. This might be the case in a collaborative environment in which people from different functional organizations are members of the same group to accomplish some team objective. In such a case, knowing the membership of the group could reveal part or all of that objective, which may be sensitive information.
STIG: SharePoint 2010 Security Technical Implementation Guide (STIG)
Date: 2011-12-20

Details

Check Text ( C-37522r1_chk )
1. Log on to SharePoint Central Administration as a member of the Farm Administration Group.
2. Select Site Actions > Site Settings > People and Groups.
3. Select Settings > Group Settings.
4. For each group listed, navigate to the "Who can view the membership of the group?" section.
5. If the “Group Members” option is not selected, then this is a finding.

Fix Text (F-32770r1_fix)
1. Log on to SharePoint Central Administration as a member of the Farm Administration Group.
2. Select Site Actions > Site Settings > People and Groups.
3. Select Settings > Group Settings.
4. For each group listed:
- Navigate to the "Who can view the membership of the group?" section.
- Select Group Members.
- Select “OK”.
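
The check and fix above can also be run across every site collection from the SharePoint 2010 Management Shell; the script below is an added example, not part of the STIG. It assumes the "Group Members" option corresponds to the server object model property SPGroup.OnlyAllowMembersViewMembership being $true, and the -Remediate switch is a name chosen for this example. It audits existing groups, so it complements the rule's requirement for newly created groups.

```powershell
# Added example (not STIG text). Run on a farm server in the SharePoint 2010
# Management Shell with an account in the Farm Administrators group.
param(
    [switch]$Remediate   # example-only switch: also apply the Fix Text setting
)

# Load the SharePoint cmdlets if the shell has not already done so.
if (-not (Get-PSSnapin -Name Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Microsoft.SharePoint.PowerShell
}

$findings = foreach ($site in Get-SPSite -Limit All) {
    try {
        # Site groups are defined per site collection and exposed on the root web.
        foreach ($group in $site.RootWeb.SiteGroups) {
            # $true  = "Group Members" (compliant)
            # $false = "Everyone"      (finding per the Check Text)
            if (-not $group.OnlyAllowMembersViewMembership) {
                $fixed = $false
                if ($Remediate) {
                    $group.OnlyAllowMembersViewMembership = $true
                    $group.Update()
                    $fixed = $true
                }
                # PowerShell 2.0 compatible object creation.
                New-Object PSObject -Property @{
                    SiteUrl    = $site.Url
                    Group      = $group.Name
                    Remediated = $fixed
                }
            }
        }
    }
    finally {
        # SPSite objects hold unmanaged resources; release each one.
        $site.Dispose()
    }
}

if ($findings) {
    $findings | Format-Table SiteUrl, Group, Remediated -AutoSize
} else {
    Write-Host "No findings: every site group restricts membership view to group members."
}
```

Run it without -Remediate first to review the list of findings before changing any group.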