Ensure access to SharePointEmailws.asmx is limited to only the server farm account
Details: Restrict access to the Microsoft SharePoint Directory Management Service by securing the file associated with this service, which is...

Ensure Anonymous authentication is denied
Details: SharePoint web applications should be configured to disallow anonymous authentication, which would allow users to authenticate and use the...

Ensure a secondary SharePoint site collection administrator has been defined on each site collection.
Details: A secondary SharePoint site collection administrator must be defined when creating a new site collection. Rationale: If a site...

Ensure a separate organizational unit (OU) in Active Directory exists for SharePoint 2019 objects.
Details: SharePoint 2019 includes an internal service, the Microsoft SharePoint Directory Management Service, for creating e-mail distribution groups. When you...

Ensure ‘Blocked File Types’ is configured to match the enterprise blacklist
Details: A common tactic of malware is to identify the type of malicious code protection software running on the system...

Ensure claims-based authentication is used for all web applications and zones of a SharePoint 2019 farm
Details: Claims-based authentication enables systems and applications to authenticate a user without requiring the user to disclose more personal information...

Ensure compilation or scripting of database pages via the PageParserPaths elements is not allowed
Details: Allowing compilation or scripting of database pages via the ‘PageParserPaths’ elements can lead to disclosure of compilation error messages...

Ensure SharePoint database servers are segregated from application server and placed in a secure zone.
Details: Segregating the SharePoint database server from the application server provides a layered defense architecture. Rationale: A layered defense architecture...

Ensure SharePoint displays an approved system use notification message or banner before granting access to the system.
Details: SharePoint web applications must display an approved system use notification message or banner before granting access. Rationale: Applications are...

Ensure SharePoint identifies data type, specification, and usage when transferring information between different security domains so policy restrictions may be applied.
Details: SharePoint must identify data type, specification, and usage when transferring information between different security domains so policy restrictions may...