1.2 Ensure that the SharePoint Central Administration Site is TLS-enabled - Port 443

Information

Transport Layer Security (TLS) provides protection when communicating over the
internet. Traffic is encrypted for portions of its transport. Ensure that the
Central Administration site is configured to use TLS.

Rationale:

The SharePoint Central Administration site allows an administrator to manage settings for
the Web server and virtual servers. TLS protects this critical data by encrypting the traffic
that is transmitted over the network.

Solution

An SSL certificate must be acquired before enabling TLS. For more information about SSL
certificates, see related topics in IIS Help.
The Central Administration site must also first be configured to use port 443 and HTTPS.
To configure this, execute the following Windows PowerShell command:

Set-SPCentralAdministration -Port <port> -SecureSocketsLayer

NOTE: If the server certificate is for an FQDN, update the alternate access mapping (AAM)
URL of the Central Administration web site:

Set-SPAlternateUrl -Identity https://servername:443 -Url https://fully.qualified.domain.name:443 -Zone Default

Navigate to Internet Information Services (IIS) Manager.

1. Locate the SharePoint Central Administration v4 from the Sites category and verify that it is configured with an HTTPS binding.
2. Locate the SharePoint Central Administration v4 from the Sites category.
3. Double-click on the Actions pane, in the Edit Site section.
4. Click the Bindings link.
5. In the Site Bindings dialog, select the HTTPS binding and click Edit.
6. In the Edit Site Binding dialog, ensure that the Port, Hostname and SSL Certificate fields are set accordingly.
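
The binding check in the steps above can also be scripted. The following is an added example, not part of the benchmark text: the function name Test-CentralAdminTlsBinding is hypothetical, and the fallback bindings are constructed sample data used only when the WebAdministration module is not present.

```powershell
# Added example: audit the bindings of the Central Administration IIS site.
# Test-CentralAdminTlsBinding is a hypothetical helper name, not a SharePoint or IIS cmdlet.
function Test-CentralAdminTlsBinding {
    param(
        [Parameter(Mandatory)] [object[]] $Bindings,   # objects shaped like Get-WebBinding output
        [int] $ExpectedPort = 443
    )
    $findings = @()
    $https = @($Bindings | Where-Object { $_.protocol -eq 'https' })
    if ($https.Count -eq 0) {
        $findings += 'No HTTPS binding is configured on the site.'
    }
    foreach ($b in $https) {
        # bindingInformation is "IP:port:hostname"; read from the end so IPv6 addresses do not break the split
        $parts    = $b.bindingInformation -split ':'
        $port     = [int]$parts[-2]
        $hostName = $parts[-1]
        if ($port -ne $ExpectedPort) {
            $findings += "HTTPS binding '$($b.bindingInformation)' uses port $port, expected $ExpectedPort."
        }
        if ([string]::IsNullOrEmpty($b.certificateHash)) {
            $findings += "HTTPS binding '$($b.bindingInformation)' has no SSL certificate assigned."
        }
        if ([string]::IsNullOrEmpty($hostName)) {
            $findings += "HTTPS binding '$($b.bindingInformation)' has an empty host name; confirm this matches the certificate and AAM URL."
        }
    }
    return $findings
}

$siteName = 'SharePoint Central Administration v4'
if (Get-Module -ListAvailable -Name WebAdministration) {
    # On the SharePoint server: read the real bindings from IIS
    Import-Module WebAdministration
    $bindings = @(Get-WebBinding -Name $siteName)
} else {
    # Constructed sample data so the check can be exercised off-server
    $bindings = @(
        [pscustomobject]@{ protocol = 'https'; bindingInformation = '*:443:fully.qualified.domain.name'; certificateHash = 'PLACEHOLDER_THUMBPRINT' },
        [pscustomobject]@{ protocol = 'https'; bindingInformation = '*:8443:'; certificateHash = '' }
    )
}

$result = @(Test-CentralAdminTlsBinding -Bindings $bindings)
if ($result.Count -eq 0) { "PASS: $siteName has an HTTPS binding on port 443 with a certificate." }
else { $result | ForEach-Object { "FAIL: $_" } }
```

With the constructed sample, the first binding passes and the second is reported for its port, missing certificate and empty host name.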

See Also

https://workbench.cisecurity.org/files/2395

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-8, CSCv6|14.2, CSCv7|14.4

Plugin: Windows

Control ID: b11b9050f64205c29555d0f7f397084781033f025dbaf58f0af8d34e3c092afb