DISA STIG SharePoint 2010 v1r9

Audit Details

Name: DISA STIG SharePoint 2010 v1r9

Updated: 4/25/2022

Authority: DISA STIG

Plugin: Windows

Revision: 1.7

Estimated Item Count: 49

File Details

Filename: DISA_STIG_SharePoint_2010_v1r9.audit

Size: 147 kB

MD5: c05cd183308d86a5781c571cfd3fd9ca
SHA256: 1982cf50d646102d817a953f1f03a42ad700042e7aea255cc9255563bd6609ab

Audit Items

Description / Categories
SHPT-00-000007 - SharePoint must support the requirement to initiate a session lock after an organizationally defined time period of system or application inactivity has transpired.

ACCESS CONTROL

SHPT-00-000009 - SharePoint information management policies must be created, configured, and maintained to support the use of organizationally defined security attributes.

CONFIGURATION MANAGEMENT

SHPT-00-000010 - SharePoint must maintain and support the use of organizationally defined security attributes to stored information - 'Document Library'

ACCESS CONTROL

SHPT-00-000010 - SharePoint must maintain and support the use of organizationally defined security attributes to stored information.

ACCESS CONTROL

SHPT-00-000040 - SharePoint must allow authorized users to associate security attributes with information.

ACCESS CONTROL

SHPT-00-000100 - SharePoint must enforce dual authorization, based on organizational policies and procedures for organizationally defined privileged commands.

ACCESS CONTROL

SHPT-00-000127 - The 'Automatically delete the site collection if use is not confirmed' property must not be enabled for web applications.

CONFIGURATION MANAGEMENT

SHPT-00-000130 - For environments requiring an Internet-facing capability, the SharePoint application server upon which Central Administration is installed must not be installed in the DMZ.

ACCESS CONTROL

SHPT-00-000165 - SharePoint must enable IRM to bind attributes to information to facilitate the organization's established information flow policy as needed.

ACCESS CONTROL

SHPT-00-000190 - SharePoint must enforce organizational requirements to implement separation of duties through assigned information access authorizations.

ACCESS CONTROL

SHPT-00-000191 - SharePoint farm service account (Database Access account) must be configured with minimum privileges in Active Directory (AD).

ACCESS CONTROL

SHPT-00-000193 - The SharePoint setup user domain account must be configured with the minimum privileges in Active Directory.

ACCESS CONTROL

SHPT-00-000195 - The SharePoint setup user domain account must be configured with the minimum privileges for the local server.

ACCESS CONTROL

SHPT-00-000197 - A secondary site collection administrator must be defined when creating a new site collection.

CONFIGURATION MANAGEMENT

SHPT-00-000199 - SharePoint service accounts must be configured for separation of duties.

ACCESS CONTROL

SHPT-00-000210 - Timer job retries for automatic password change on Managed Accounts must meet DoD password retry policy.

ACCESS CONTROL

SHPT-00-000235 - SharePoint clients must be configured to display an approved system use notification message or banner before granting access to the system.

ACCESS CONTROL

SHPT-00-000240 - SharePoint must retain the notification message or banner on the screen until users take explicit actions to log on to or further access.

ACCESS CONTROL

SHPT-00-000245 - SharePoint must be configured to display the banner, when appropriate, before granting further access.

ACCESS CONTROL

SHPT-00-000315 - SharePoint must allow designated organizational personnel to select which auditable events are to be audited by specific components of the system.

AUDIT AND ACCOUNTABILITY

SHPT-00-000405 - To support audit review, analysis, and reporting, SharePoint must integrate audit review, analysis, and reporting processes to support organizational processes for investigation and response to suspicious activities.

AUDIT AND ACCOUNTABILITY

SHPT-00-000430 - SharePoint must protect audit information from unauthorized access to the usage and health logs.

AUDIT AND ACCOUNTABILITY

SHPT-00-000431 - SharePoint must protect audit information from unauthorized access to the trace data log files.

AUDIT AND ACCOUNTABILITY

SHPT-00-000435 - SharePoint must protect audit information from unauthorized modification of usage and health data collection logs.

AUDIT AND ACCOUNTABILITY

SHPT-00-000436 - SharePoint must protect audit information from unauthorized modification to trace data logs.

AUDIT AND ACCOUNTABILITY

SHPT-00-000440 - SharePoint must protect audit information from unauthorized deletion of usage and health logs.

AUDIT AND ACCOUNTABILITY

SHPT-00-000441 - SharePoint must protect audit information from unauthorized deletion of trace log files.

AUDIT AND ACCOUNTABILITY

SHPT-00-000445 - SharePoint must protect audit tools from unauthorized access - 'Verify Site Collection Administrators'

AUDIT AND ACCOUNTABILITY

SHPT-00-000445 - SharePoint must protect audit tools from unauthorized access - 'Verify Users and Groups with Full Control'

AUDIT AND ACCOUNTABILITY

SHPT-00-000465 - SharePoint must support the requirement that privileged access is further defined between audit-related privileges and other privileges.

AUDIT AND ACCOUNTABILITY

SHPT-00-000475 - To support the requirements and principles of least functionality, SharePoint must support the organizational requirement to provide only essential capabilities.

CONFIGURATION MANAGEMENT

SHPT-00-000480 - When configuring Central Administration, the port number selected must comply with DoD Ports and Protocol Management (PPSM) program requirements.

CONFIGURATION MANAGEMENT

SHPT-00-000495 - Backup of SharePoint system level files for critical systems must be performed when identified as required by the owning organization.

CONTINGENCY PLANNING

SHPT-00-000530 - The Central Administration Web Application must use Kerberos as the authentication provider.

IDENTIFICATION AND AUTHENTICATION

SHPT-00-000531 - SharePoint sites must not use NTLM.

IDENTIFICATION AND AUTHENTICATION

SHPT-00-000600 - SharePoint managed service accounts must be set to enable automatic password change.

IDENTIFICATION AND AUTHENTICATION

SHPT-00-000640 - Applications must support organizational requirements to employ cryptographic mechanisms to protect information in storage.

SYSTEM AND COMMUNICATIONS PROTECTION

SHPT-00-000645 - SharePoint must terminate the network connection associated with a communications session at the end of the session or after an organizationally defined time period of inactivity - 'FormDigestSettings.Enabled = True'

SYSTEM AND COMMUNICATIONS PROTECTION

SHPT-00-000682 - The Online Web Part Gallery must be configured for limited access.

SYSTEM AND COMMUNICATIONS PROTECTION

SHPT-00-000683 - SharePoint-specific malware (i.e., anti-virus) software must be integrated and configured - 'Scan Documents on Download is enabled'

SYSTEM AND COMMUNICATIONS PROTECTION

SHPT-00-000683 - SharePoint-specific malware (i.e., anti-virus) software must be integrated and configured - 'Scan Documents on Upload is enabled'

SYSTEM AND COMMUNICATIONS PROTECTION

SHPT-00-000683 - SharePoint-specific malware (i.e., anti-virus) software must be integrated and configured.

SYSTEM AND COMMUNICATIONS PROTECTION

SHPT-00-000690 - The Central Administration site must not be accessible from Extranet or Internet connections.

SYSTEM AND COMMUNICATIONS PROTECTION

SHPT-00-000692 - Access to Central Administration site must be limited to authorized users and groups.

SYSTEM AND COMMUNICATIONS PROTECTION

SHPT-00-000760 - SharePoint must implement security functions as largely independent modules to avoid unnecessary interactions between modules - Central Administration is a separate App Pool

SYSTEM AND COMMUNICATIONS PROTECTION

SHPT-00-000760 - SharePoint must implement security functions as largely independent modules to avoid unnecessary interactions between modules - Internet & Extranet assigned to different App Pools

SYSTEM AND COMMUNICATIONS PROTECTION

SHPT-00-000760 - SharePoint must implement security functions as largely independent modules to avoid unnecessary interactions between modules - No Applications assigned to Default App Pool

SYSTEM AND COMMUNICATIONS PROTECTION

SHPT-00-000805 - The organization must employ cryptographic mechanisms to prevent unauthorized disclosure of information during transmission unless otherwise protected by alternative physical measures.

SYSTEM AND COMMUNICATIONS PROTECTION

SHPT-00-000810 - SharePoint must identify potentially security-relevant error conditions.

SYSTEM AND INFORMATION INTEGRITY