Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-27996 | SHPT-00-000100 | SV-36114r2_rule | ECCD-1 ECCD-2 | Medium |
Description |
---|
An organization may see fit to define a policy stating certain commands contained within an application require dual authorization before they may be invoked. Dual authorization requires two distinct approving authorities to approve the use of the command prior to being invoked. When the organization defines a set of application related privileged commands requiring dual authorization, the application must support those organizational requirements. Once an information management policy has been created, the metadata and security attributes created can be enforced using a workflow. However, as with most applications, privilege restrictions, such as dual authorizations cannot be set for the super account, Farm Administrator. When adding a workflow to a SharePoint library or list, this enforces a business process on all items in the library or list. A workflow describes the actions the system or users must perform on each item, such as obtain dual approvals. Note: If many documents across different libraries require dual authorization, the site should consider creating a content type and adding this type as part of an information management policy. |
STIG | Date |
---|---|
SharePoint 2010 Security Technical Implementation Guide (STIG) | 2015-10-02 |
Check Text ( C-37322r7_chk ) |
---|
To view what workflows are associated within Central Administration: 1. On the site home page, click Site Actions, and then click Site Settings. 2. On the Site Settings page, in the Site Administration list, click Workflows. 3. Verify there is at least one active workflow configured for dual approval. 4. Mark as a finding if the SSP requires dual approval, but it is not enforced by workflow. 5. Mark as not a finding if dual authorization is not required by the SSP. |
Fix Text (F-32559r6_fix) |
---|
Create an approval workflow for document libraries or documents which requires dual authorization. 1. On the site home page, click Site Actions, and then click Site Settings. 2. On the Site Settings page, in the Site Administration list, click Site libraries and lists. 3. On the Site Libraries and Lists page, select a library or list. 4. On the List Settings page, in the Permissions and Management list, click Workflow Settings. 5. On the Workflow Settings page, click Add a workflow. 6. Follow the directions of the workflow wizard to create an approval workflow that requires dual approval for the documents stored in the selected library. |