STIGQter: STIG Summary: Microsoft SharePoint 2013 Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:

For environments requiring an Internet-facing capability, the SharePoint application server upon which Central Administration is installed, must not be installed in the DMZ.

DISA Rule

SV-223266r612235_rule

Vulnerability Number

V-223266

Group Title

SRG-APP-000039

Rule Version

SP13-00-000155

Severity

CAT II

CCI(s)

• CCI-001414 - The information system enforces approved authorizations for controlling the flow of information between interconnected systems based on organization-defined information flow control policies.

Weight

10

Fix Recommendation

For environments requiring an Internet-facing capability, remove the SharePoint Central Administration application server upon which Central Administration is installed from the DMZ.

Check Contents

For environments requiring an Internet-facing capability, ensure the SharePoint Central Administration application server is not in the DMZ.

Inspect the logical location of the server farm web front end servers.

Verify the Central Administration site is not installed on a server located in a DMZ or other publicly accessible segment of the network.

If Central Administrator is installed on a publicly facing SharePoint server, this is a finding.

Vulnerability Number

V-223266

Documentable

False

Rule Version

SP13-00-000155

Severity Override Guidance

For environments requiring an Internet-facing capability, ensure the SharePoint Central Administration application server is not in the DMZ.

Inspect the logical location of the server farm web front end servers.

Verify the Central Administration site is not installed on a server located in a DMZ or other publicly accessible segment of the network.

If Central Administrator is installed on a publicly facing SharePoint server, this is a finding.

Check Content Reference

M

Target Key

4096

Comments