Ensure that the SharePoint Online Web Part Gallery component is configured with limited access Details For each SharePoint web application, the platform should be configured to prevent users from accessing the Online Web Part...
Ensure that the SharePoint Central Administration interface is not hosted in the DMZ. Details The SharePoint Central Administration site should not be installed onto the network DMZ, which is exposed to external internet...
Ensure that the SharePoint Central Administration Site is TLS-enabled – HTTPS Details Transport Layer Security (TLS) provides protection when communicating over the internet. Traffic is encrypted while in transit....
Ensure that the underlying Internet Information Services (IIS) Authentication module is set to use Kerberos as its Auth Provider Details The Kerberos protocol is a ticket-based protocol and is more secure than NTLM. In this scheme, a...
Ensure the SharePoint CallStack and AllowPageLevelTrace ‘SafeMode’ parameters are set to false – AllowPageLevelTrace Details The CallStack and AllowPageLevelTrace parameters are used when debugging a problem and display detailed additional information. Rationale: The detailed...
Ensure the SharePoint CallStack and AllowPageLevelTrace ‘SafeMode’ parameters are set to false – CallStack Details The CallStack and AllowPageLevelTrace parameters are used when debugging a problem and display detailed additional information. Rationale: The detailed...
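Both SafeMode checks above are settings on the same element of each web application's web.config. The script below is an added example, not benchmark or Microsoft code: it audits (and optionally remediates) the CallStack and AllowPageLevelTrace attributes of the <SafeMode> element, first against a constructed sample web.config so it can be exercised offline, then, when the SharePoint snap-in is present, across every zone of every web application on the local web front end. Function name, the sample file, and the use of IisSettings.Path to locate each zone's IIS root are this example's assumptions.

```powershell
# Added example (not part of the original benchmark text or Microsoft's own tooling).
# Audits the <SafeMode> debugging switches in a SharePoint web.config and can set them to false.
function Test-SPSafeModeConfig {
    param(
        [Parameter(Mandatory)][string]$WebConfigPath,
        [switch]$Fix   # rewrite non-compliant attributes to "false" (backs up the file first)
    )
    [xml]$cfg = Get-Content -LiteralPath $WebConfigPath -Raw
    $safeMode = $cfg.SelectSingleNode('/configuration/SharePoint/SafeMode')
    if (-not $safeMode) { throw "No <SafeMode> element found in $WebConfigPath" }

    $findings = foreach ($attr in 'CallStack', 'AllowPageLevelTrace') {
        $value = $safeMode.GetAttribute($attr)
        # An absent attribute behaves as false; any value other than "false" is a finding.
        $compliant = [string]::IsNullOrEmpty($value) -or ($value -ieq 'false')
        [pscustomobject]@{ File = $WebConfigPath; Attribute = $attr; Value = $value; Compliant = $compliant }
        if ($Fix -and -not $compliant) { $safeMode.SetAttribute($attr, 'false') }
    }
    if ($Fix -and ($findings | Where-Object { -not $_.Compliant })) {
        Copy-Item -LiteralPath $WebConfigPath -Destination "$WebConfigPath.bak" -Force
        $cfg.Save($WebConfigPath)
    }
    $findings
}

# Constructed sample web.config (not from a real farm) so the function can be tried offline.
$sample = Join-Path $env:TEMP 'sample-web.config'
@'
<configuration>
  <SharePoint>
    <SafeMode MaxControls="200" CallStack="true" DirectFileDependencies="10"
              TotalFileDependencies="250" AllowPageLevelTrace="true">
      <PageParserPaths />
    </SafeMode>
  </SharePoint>
</configuration>
'@ | Set-Content -LiteralPath $sample -Encoding UTF8

Test-SPSafeModeConfig -WebConfigPath $sample | Format-Table -AutoSize   # both attributes non-compliant
Test-SPSafeModeConfig -WebConfigPath $sample -Fix | Out-Null
Test-SPSafeModeConfig -WebConfigPath $sample | Format-Table -AutoSize   # both now "false"

# Farm sweep: web.config lives on each web front end's local disk, so run this on every WFE.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
if (Get-Command Get-SPWebApplication -ErrorAction SilentlyContinue) {
    Get-SPWebApplication -IncludeCentralAdministration | ForEach-Object {
        $webApp = $_
        # IisSettings is keyed by zone; Path is the IIS root directory of that zone (assumption of this example).
        $webApp.IisSettings.Values | ForEach-Object {
            $path = Join-Path $_.Path.FullName 'web.config'
            Test-SPSafeModeConfig -WebConfigPath $path |
                Add-Member -NotePropertyName WebApplication -NotePropertyValue $webApp.DisplayName -PassThru
        }
    } | Format-Table WebApplication, Attribute, Value, Compliant, File -AutoSize
}
```

Editing web.config directly is the quickest way to verify a finding; for a change that must survive future web application provisioning, prefer the farm's own web.config modification mechanism so every front end receives the same value. Either way, leaving CallStack or AllowPageLevelTrace at true exposes stack traces and page trace output to any user who triggers an error, which is the rationale behind both checks.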
Ensure the SharePoint Central Administration site is not accessible from Extranet or Internet connections Details The SharePoint Central Administration site should be configured so that its ports and interfaces are not accessible to untrusted...
Ensure the SharePoint farm service account (database access account) is configured with the minimum privileges for the local server. Details The SharePoint farm service account (database access account) must be configured with the minimum privileges for the local server....
Ensure the SharePoint setup account is configured with the minimum privileges in Active Directory. Details The SharePoint setup account must be configured with the minimum privileges in Active Directory. Rationale: Separation of duties is...
Ensure Windows Authentication uses Kerberos and not the NT LAN Manager (NTLM) authentication protocol Details If Windows Authentication mechanisms are used on SharePoint, the system should be configured to use the Kerberos authentication protocol...
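The IIS authentication-provider check and this Kerberos-versus-NTLM check are two views of the same setting: SharePoint records per zone whether Kerberos is disabled for the Windows provider, and IIS records which providers (Negotiate, NTLM) the site offers and in what order. The script below is an added example, not benchmark or Microsoft code, that reports both views side by side. It assumes the SharePoint snap-in and the IIS WebAdministration module on a web front end; the function names, the provider-order rule, and the constructed provider list used for the offline check are this example's assumptions.

```powershell
# Added example (not from the CIS benchmark or Microsoft). Reports, per web application and zone,
# whether SharePoint requests Kerberos and whether the IIS site offers Negotiate ahead of NTLM.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
Import-Module WebAdministration -ErrorAction SilentlyContinue

function Test-ProviderOrder {
    # Pure check on an IIS windowsAuthentication provider list: compliant only when
    # Negotiate is present and is offered before NTLM (clients take the first match).
    param([string[]]$Providers)
    $neg  = [array]::IndexOf($Providers, 'Negotiate')
    $ntlm = [array]::IndexOf($Providers, 'NTLM')
    ($neg -ge 0) -and (($ntlm -lt 0) -or ($neg -lt $ntlm))
}

function Get-IisWindowsAuthProviders {
    # Reads the provider list of one IIS site from applicationHost.config.
    param([Parameter(Mandatory)][string]$SiteName)
    Get-WebConfiguration -PSPath "IIS:\Sites\$SiteName" `
        -Filter 'system.webServer/security/authentication/windowsAuthentication/providers/add' |
        Select-Object -ExpandProperty value
}

function Get-SPWindowsAuthMode {
    # SharePoint's own record: SPWindowsAuthenticationProvider.DisableKerberos = $true means NTLM only.
    foreach ($webApp in Get-SPWebApplication -IncludeCentralAdministration) {
        foreach ($zone in $webApp.IisSettings.Keys) {
            $siteName = $webApp.IisSettings[$zone].ServerComment
            $providers = Get-SPAuthenticationProvider -WebApplication $webApp -Zone $zone
            foreach ($p in $providers) {
                if ($p -is [Microsoft.SharePoint.Administration.SPWindowsAuthenticationProvider]) {
                    $iisProviders = @(Get-IisWindowsAuthProviders -SiteName $siteName)
                    [pscustomobject]@{
                        WebApplication   = $webApp.DisplayName
                        Zone             = $zone
                        IisSite          = $siteName
                        SharePointMode   = if ($p.DisableKerberos) { 'NTLM' } else { 'Negotiate (Kerberos)' }
                        IisProviders     = ($iisProviders -join ', ')
                        Compliant        = (-not $p.DisableKerberos) -and (Test-ProviderOrder $iisProviders)
                    }
                }
            }
        }
    }
}

# Offline check of the ordering rule with constructed provider lists (not read from any server).
Test-ProviderOrder @('Negotiate', 'NTLM')   # True  - Kerberos offered first
Test-ProviderOrder @('NTLM', 'Negotiate')   # False - clients pick NTLM first
Test-ProviderOrder @('NTLM')                # False - Kerberos not offered at all

if (Get-Command Get-SPWebApplication -ErrorAction SilentlyContinue) {
    Get-SPWindowsAuthMode | Format-Table -AutoSize
}
```

A "Negotiate (Kerberos)" result only means Kerberos is requested. If no HTTP/<fqdn> service principal name is registered on the application pool account (verify with `setspn -L <domain>\<account>`), clients silently fall back to NTLM inside the Negotiate exchange, so confirm the SPN and inspect a successful logon event for the authentication package actually used before closing the finding.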