Detections
Analytics
SP13-00-000130 - SharePoint must implement security functions as a layered structure minimizing interactions between layers of the design and avoiding any dependence by lower layers on the functionality or correctness of higher layers.
Information
The information system isolates security functions from nonsecurity functions by means of an isolation boundary (implemented via partitions and domains) controlling access to, and protecting the integrity of, the hardware, software, and firmware that perform those security functions. The information system maintains a separate execution domain (e.g., address space) for each executing process.NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
Configure the SharePoint server to implement security functions as a layered structure minimizing interactions between layers of the design and avoiding any dependence by lower layers on the functionality or correctness of higher layers.Configure access to Central Administration to be allowed over a management (OOB) network.
Configure Central Administration on a server that resides within the internal network (not on a server in the DMZ).
Configure management access (i.e., remote desktop access and local server access) so that it occurs only via a management network (OOB) and not over a production network.
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_SharePoint_2013_V2R4_STIG.zip
Item Details
Audit Name: DISA Microsoft SharePoint 2013 STIG v2r4
Category: SYSTEM AND COMMUNICATIONS PROTECTION
References: 800-53|SC-3(5), CAT|II, CCI|CCI-001089, Rule-ID|SV-223261r987636_rule, STIG-ID|SP13-00-000130, STIG-Legacy|SV-74413, STIG-Legacy|V-59983, Vuln-ID|V-223261
Plugin: Windows
Control ID: 100441113e5a53b314fdd7112603a875bfdd99e53c0d5aeb62ecc6ed4e7463a7