STIGQter: STIG Summary: Microsoft SharePoint 2013 Security Technical Implementation Guide, Version: 2, Release: 1, Benchmark Date: 22 Jan 2021

SharePoint must implement an information system isolation boundary that minimizes the number of nonsecurity functions included within the boundary containing security functions.

DISA Rule

SV-223260r612235_rule

Vulnerability Number

V-223260

Group Title

SRG-APP-000219

Rule Version

SP13-00-000125

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Configure the SharePoint server to implement an information system isolation boundary that minimizes the number of nonsecurity functions included within the boundary containing security functions.

Log on to the server that hosts the farm's Central Administration website.

Open IIS Manager.

Expand the "Sites" tree view and right-click the web application named "SharePoint Central Administration".

Select "Edit Bindings ...".

Select the site binding record and click "Edit".

From the "IP Address" dropdown list, select an out-of-band (OOB) IP address.

Click "OK".

NOTE: If the Central Administration site has multiple site bindings, repeat these steps for each site binding.

Check Contents

Review the SharePoint server configuration to ensure that an information system isolation boundary that minimizes the number of nonsecurity functions included within the boundary containing security functions is implemented.

Log on to the server that hosts the farm's Central Administration website.

Open IIS Manager.

Expand the "Sites" tree view and right-click the web application named "SharePoint Central Administration".

Select "Edit Bindings ...".

Confirm the site is bound to an out-of-band (OOB) IP address.

If the site is bound to a production IP address or not bound to a specific IP address, this is a finding.
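The check above can also be scripted. The PowerShell below is an added example, not part of the STIG or of STIGQter: it classifies each IIS binding string of the Central Administration site against a list of OOB addresses. The function name `Test-CentralAdminBinding`, the `$OobAddresses` list and the sample addresses are assumptions made for illustration.

```powershell
# Added example (not STIG text). Assumption: $OobAddresses lists the IPs your
# site has designated as out-of-band management addresses.
function Test-CentralAdminBinding {
    param(
        [Parameter(Mandatory)] [string[]] $BindingInformation,  # IIS "IP:port:host" strings
        [Parameter(Mandatory)] [string[]] $OobAddresses
    )
    # Normalize so textual variants of the same address compare equal.
    $oob = $OobAddresses | ForEach-Object { ([ipaddress]$_).ToString() }

    foreach ($info in $BindingInformation) {
        $status = 'Finding'
        # IPv6 literals are bracketed; "*" or empty means "All Unassigned".
        if ($info -notmatch '^(?<ip>\[[^\]]+\]|[^:]*):(?<port>\d+):(?<host>.*)$') {
            $reason = 'unparseable binding; review manually'
        }
        else {
            $raw = $Matches['ip'].Trim('[', ']')
            $parsed = $null
            if ($raw -in '*', '') {
                $reason = 'not bound to a specific IP address'
            }
            elseif (-not [ipaddress]::TryParse($raw, [ref]$parsed)) {
                $reason = 'IP field is not a valid address; review manually'
            }
            elseif ($oob -contains $parsed.ToString()) {
                $status = 'NotAFinding'
                $reason = 'bound to a designated OOB address'
            }
            else {
                $reason = 'bound to an address that is not on the OOB list'
            }
        }
        [pscustomobject]@{ Binding = $info; Status = $status; Reason = $reason }
    }
}

# Constructed sample data (documentation-range addresses, not from the STIG).
$sample = '192.0.2.10:443:', '*:2013:', '198.51.100.20:443:ca.example.test'
Test-CentralAdminBinding -BindingInformation $sample -OobAddresses '192.0.2.10'

# On the Central Administration server, feed in the live bindings instead.
# The site name is the one the STIG text uses; adjust if yours differs.
# Import-Module WebAdministration
# $live = (Get-WebBinding -Name 'SharePoint Central Administration').bindingInformation
# Test-CentralAdminBinding -BindingInformation $live -OobAddresses '192.0.2.10'
```

With the constructed sample, only the first binding is reported as `NotAFinding`; the wildcard binding and the binding to an address outside the OOB list are both findings, matching the two finding conditions in the check text.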

Documentable

False

Check Content Reference

M

Target Key

4096
