Details

The information system isolates security functions from nonsecurity functions by means of an isolation boundary (implemented via partitions and domains) controlling access to and protecting the integrity of, the hardware, software, and firmware that perform those security functions. The information system maintains a separate execution domain (e.g., address space) for each executing process.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Configure the SharePoint server to implement an information system isolation boundary that minimizes the number of nonsecurity functions included within the boundary containing security functions.

Log on to the server that hosts the farm’s Central Administration website.

Open IIS Manager.

Expand ‘Sites’ tree view and right-click the web application named ‘SharePoint Central Administration’.

Select ‘Edit Bindings …’.

Select the site binding record and click ‘Edit’.

From the ‘IP Address’ dropdown list, select an OOB IP address.

Click ‘Ok’.

*NOTE: If the Central Administration site has multiple site bindings, steps will need to be repeated for each site binding.

Supportive Information

The following resource is also helpful.

• https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_SharePoint_2013_V2R2_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.This control applies to the following type of system Windows.

References

• 800-53|SC-23
• CAT|I
• CCI|CCI-001184
• Rule-ID|SV-223260r612235_rule
• STIG-ID|SP13-00-000125
• STIG-Legacy|SV-74411
• STIG-Legacy|V-59981
• Vuln-ID|V-223260

Source

• Tenable.com/audits