Configure A Banner Page For Each Website
An XCCDF Rule
Description
Configure a login banner for each website when authentication is required for user access.
Rationale
A consent banner will be in place to make prospective entrants aware that the website they are about to enter is a DoD web site and their activity is subject to monitoring. The document, DoDI 8500.01, establishes the policy on the use of DoD information systems. It requires the use of a standard Notice and Consent Banner and standard text to be included in user agreements. The requirement for the banner is for websites with security and access controls. These are restricted and not publicly accessible. If the website does not require authentication/authorization for use, then the banner does not need to be present. A manual check of the document root directory for a banner page file (such as banner.html) or navigation to the website via a browser can be used to confirm the information provided from interviewing the web staff.
- ID
- xccdf_org.ssgproject.content_rule_httpd_configure_banner_page
- Severity
- Low
- References
- Updated