Details
SharePoint must prevent the presentation of information system management-related functionality at an interface utilized by general, (i.e., non-privileged), users.
Central Administration is an application used to manage SharePoint system settings and the settings of the web applications running under SharePoint. The Central Administration application should be protected using a defense-in-depth approach. Regular users should not be able to access the Central Administration as the first line of defense. The second line of defense is that regular users do not have user ids defined in the Central Administration application.
Solution
Block outside Central Administration access.
Use IIS IP address restrictions, firewall, or other filtering solutions to limit access to the Central Administration site.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.This control applies to the following type of system Windows.
References
- 800-53|SC-2(1)
- CAT|II
- CCI|CCI-001083
- Rule-ID|SV-36741r2_rule
- STIG-ID|SHPT-00-000690
- Vuln-ID|V-28281