STIGQter: STIG Summary: Microsoft SharePoint 2013 Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:

SharePoint must employ cryptographic mechanisms preventing the unauthorized disclosure of information during transmission, unless the transmitted data is otherwise protected by alternative physical measures.

DISA Rule

SV-223262r612235_rule

Vulnerability Number

V-223262

Group Title

SRG-APP-000440

Rule Version

SP13-00-000135

Severity

CAT I

CCI(s)

• CCI-002421 - The information system implements cryptographic mechanisms to prevent unauthorized disclosure of information and/or detect changes to information during transmission unless otherwise protected by organization-defined alternative physical safeguards.

Weight

10

Fix Recommendation

Configure the SharePoint server to employ cryptographic mechanisms preventing the unauthorized disclosure of information during transmission, unless the transmitted data is otherwise protected by alternative physical measures.

Open IIS Manager.

In the Connections pane, expand Sites.

Click the Web Application site.

In the Actions pane, click Bindings.

In the Site Bindings window, click Add.

In the Add Site Binding window, change Type to https, and select the site's SSL certificate.

Click OK, and then click Close.

Check Contents

Review the SharePoint server to ensure cryptographic mechanisms preventing the unauthorized disclosure of information during transmission are employed, unless the transmitted data is otherwise protected by alternative physical measures.

In SharePoint Central Administration, click Application Management.

On the Application Management page, in the Web Applications list, click Manage web applications.

On the Web Applications Management page, verify that each Web Application URL begins with https.

If the URL does not begin with https, this is a finding.

If SharePoint communications between all components and clients are protected by alternative physical measures that have been approved by the AO, this is not a finding.

Vulnerability Number

V-223262

Documentable

False

Rule Version

SP13-00-000135

Severity Override Guidance

Review the SharePoint server to ensure cryptographic mechanisms preventing the unauthorized disclosure of information during transmission are employed, unless the transmitted data is otherwise protected by alternative physical measures.

In SharePoint Central Administration, click Application Management.

On the Application Management page, in the Web Applications list, click Manage web applications.

On the Web Applications Management page, verify that each Web Application URL begins with https.

If the URL does not begin with https, this is a finding.

If SharePoint communications between all components and clients are protected by alternative physical measures that have been approved by the AO, this is not a finding.

Check Content Reference

M

Target Key

4096

Comments