Home
Security Hardening
CIS Microsoft SharePoint 2019 OS V1.0.0

CIS Microsoft SharePoint 2019 OS V1.0.0

Ensure access to SharePointEmailws.asmx is limited to only the server farm account
Details Restrict access to the Microsoft SharePoint Directory Management Service by securing the file associated with this service, which is...
Ensure Anonymous authentication is denied
Details SharePoint web applications should be configured to disallow anonymous authentication, which would allow users to authenticate and use the...
Ensure a secondary SharePoint site collection administrator has been defined on each site collection.
Details A secondary SharePoint site collection administrator must be defined when creating a new site collection. Rationale: If a site...
Ensure a separate organizational unit (OU) in Active Directory exists for SharePoint 2019 objects.
Details SharePoint 2019 includes an internal service, the Microsoft SharePoint Directory Management Service, for creating e-mail distribution groups. When you...
Ensure ‘Blocked File Types’ is configured to match the enterprise blacklist
Details A common tactic of malware is to identify the type of malicious code protection software running on the system...
Ensure claims-based authentication is used for all web applications and zones of a SharePoint 2019 farm
Details Claims-based authentication enables systems and applications to authenticate a user without requiring the user to disclose more personal information...
Ensure compilation or scripting of database pages via the PageParserPaths elements is not allowed
Details Allowing compilation or scripting of database pages via the ‘PageParserPaths’ elements can lead to disclosure of compilation error messages...
Ensure SharePoint database servers are segregated from application server and placed in a secure zone.
Details Segregating the SharePoint database server from the application server provides a layered defense architecture. Rationale: A layered defense architecture...
Ensure SharePoint displays an approved system use notification message or banner before granting access to the system.
Details SharePoint web applications must display an approved system use notification message or banner before granting access. Rationale: Applications are...
Ensure SharePoint identifies data type, specification, and usage when transferring information between different security domains so policy restrictions may be applied.
Details SharePoint must identify data type, specification, and usage when transferring information between different security domains so policy restrictions may...

CIS Microsoft SharePoint 2019 OS V1.0.0

Ensure access to SharePointEmailws.asmx is limited to only the server farm account

Ensure Anonymous authentication is denied

Ensure a secondary SharePoint site collection administrator has been defined on each site collection.

Ensure a separate organizational unit (OU) in Active Directory exists for SharePoint 2019 objects.

Ensure ‘Blocked File Types’ is configured to match the enterprise blacklist

Ensure claims-based authentication is used for all web applications and zones of a SharePoint 2019 farm

Ensure compilation or scripting of database pages via the PageParserPaths elements is not allowed

Ensure SharePoint database servers are segregated from application server and placed in a secure zone.

Ensure SharePoint displays an approved system use notification message or banner before granting access to the system.

Ensure SharePoint identifies data type, specification, and usage when transferring information between different security domains so policy restrictions may be applied.