STIGQter: STIG Summary: Microsoft SharePoint 2013 Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:

SharePoint must prevent the execution of prohibited mobile code.

DISA Rule

SV-223249r612235_rule

Vulnerability Number

V-223249

Group Title

SRG-APP-000112

Rule Version

SP13-00-000065

Severity

CAT I

CCI(s)

• CCI-001695 - The information system prevents the execution of organization-defined unacceptable mobile code.

Weight

10

Fix Recommendation

Configure SharePoint to prevent the execution of prohibited mobile code.

Navigate to Central Administration.

Click Manage Web Applications.

For each Web Application in the Farm:
-Click on the Web Application to configure.
-Click on the drop-down box below General Settings.
-Click on General Settings in the drop down box.
-Under Browser File Handling, verify that "Strict" is selected.

If "Strict" is not selected, this is a finding.

Mobile code can be further restricted to meet the policy of the organization:

Log on to a farm server hosting Central Administration.

Click Start and type SharePoint 2013 Management Shell followed by Enter.

Type $webApp = Get-SPWebApplication -Identity {URL} where {URL is the {URL} of the web application to configure.

Press Enter.

Type $webApp.AllowedInlineDownloadedMimeTypes. Remove ({mime type}) where {mime type} represents the mime type to remove (e.g., application\x-shockwave-flash).

Press Enter.

Check Contents

Review the SharePoint server configuration to ensure the execution of prohibited mobile code is prevented.

Navigate to Central Administration.

Click Manage Web Applications.

For each Web Application in the Farm:
-Click on the Web Application to configure.
-Click on the drop-down box below General Settings.
-Click on General Settings in the drop down box.
-Under Browser File Handling, verify that "Strict" is selected.

If "Strict" is not selected, this is a finding.

Vulnerability Number

V-223249

Documentable

False

Rule Version

SP13-00-000065

Severity Override Guidance

Review the SharePoint server configuration to ensure the execution of prohibited mobile code is prevented.

Navigate to Central Administration.

Click Manage Web Applications.

For each Web Application in the Farm:
-Click on the Web Application to configure.
-Click on the drop-down box below General Settings.
-Click on General Settings in the drop down box.
-Under Browser File Handling, verify that "Strict" is selected.

If "Strict" is not selected, this is a finding.

Check Content Reference

M

Target Key

4096

Comments