4.4 Ensure Anonymous authentication is denied

Information

SharePoint web applications should be configured to disallow anonymous authentication,
which would otherwise allow users to use the applications without confirming their
identity.

Rationale:

Allowing anonymous authentication to SharePoint web applications nullifies the
effectiveness of the authentication control. Furthermore, any activity performed in an
anonymous session cannot be linked to a particular account. Such linkages are
often critical in post-incident investigations and audits.

Solution

1. Navigate to the Central Administration website.
2. Click on Manage web applications.
3. Click the web application name.
4. Click the Authentication Providers button in the Web Applications ribbon.
5. Click each Zone, and uncheck Enable anonymous access.
6. Repeat for each web application.
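
The same per-zone check can be scripted. The following is an added example, not part of the CIS benchmark text. It assumes the SharePoint Management Shell on a farm server under a farm administrator account, and the `-Remediate` switch is a name chosen for this example.

```powershell
# Added example: report the "Enable anonymous access" setting for every zone
# of every web application, and optionally clear it.
param(
    [switch]$Remediate   # hypothetical switch: also disable anonymous access
)

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Central Administration is excluded unless explicitly requested.
$findings = foreach ($wa in Get-SPWebApplication -IncludeCentralAdministration) {
    $changed = $false

    # IisSettings is keyed by zone; only zones the web application
    # has been extended to are present.
    foreach ($zone in @($wa.IisSettings.Keys)) {
        $settings = $wa.IisSettings[$zone]

        # Record the state as found, before any change.
        [pscustomobject]@{
            WebApplication = $wa.DisplayName
            Url            = $wa.Url
            Zone           = $zone
            AllowAnonymous = $settings.AllowAnonymous
        }

        if ($Remediate -and $settings.AllowAnonymous) {
            $settings.AllowAnonymous = $false
            $changed = $true
        }
    }

    if ($changed) {
        $wa.Update()             # persist to the configuration database
        $wa.ProvisionGlobally()  # push the IIS change to every farm server
    }
}

$findings | Sort-Object WebApplication, Zone | Format-Table -AutoSize

# Non-zero exit when any zone was found with anonymous access enabled,
# so the script can serve as a compliance check.
if ($findings | Where-Object { $_.AllowAnonymous }) { exit 1 }
```

Run it without `-Remediate` first to review which zones would change; the table always shows the state found before any change is applied.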

See Also

https://workbench.cisecurity.org/files/2395

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-3, CSCv6|16

Plugin: Windows

Control ID: fdd7d890d54a7c9e2a3ce42463ca0814a1b2ae25df86428285aeefb5da386fc4