Home
Security Hardening
DISA STIG SharePoint 2013 V2R2

DISA STIG SharePoint 2013 V2R2

SP13-00-000100 – SharePoint must employ FIPS-validated cryptography to protect unclassified information when such information must be separated from individuals who have the necessary clearances yet lack the necessary access approvals.
Details Certain encryption types are no longer considered secure. This setting configures a minimum encryption type for SharePoint. Different versions...
SP13-00-000105 – SharePoint must validate the integrity of security attributes exchanged between systems.
Details When data is exchanged between information systems, the security attributes associated with said data need to be maintained. Security...
SP13-00-000110 – SharePoint must ensure authentication of both client and server during the entire session. An example of this is SSL Mutual Authentication.
Details This control focuses on communications protection at the session, versus packet level. At the application layer, session IDs are...
SP13-00-000115 – SharePoint must terminate user sessions upon user logoff, and when idle time limit is exceeded.
Details This requirement focuses on communications protection at the application session, versus network packet level. Session IDs are tokens generated...
SP13-00-000120 – SharePoint must maintain the confidentiality of information during aggregation, packaging, and transformation in preparation for transmission. When transmitting data, applications need to leverage transmission protection mechanisms such as TLS, SSL VPNs, or IPSec.
Details Preventing the disclosure of transmitted information requires that applications take measures to employ some form of cryptographic mechanism in...
SP13-00-000125 – SharePoint must implement an information system isolation boundary that minimizes the number of nonsecurity functions included within the boundary containing security functions.
Details The information system isolates security functions from nonsecurity functions by means of an isolation boundary (implemented via partitions and...
SP13-00-000130 – SharePoint must implement security functions as a layered structure minimizing interactions between layers of the design and avoiding any dependence by lower layers on the functionality or correctness of higher layers.
Details The information system isolates security functions from nonsecurity functions by means of an isolation boundary (implemented via partitions and...
SP13-00-000135 – SharePoint must employ cryptographic mechanisms preventing the unauthorized disclosure of information during transmission, unless the transmitted data is otherwise protected by alternative physical measures.
Details Preventing the disclosure of transmitted information requires that applications take measures to employ some form of cryptographic mechanism in...
SP13-00-000140 – SharePoint must prevent non-privileged users from circumventing malicious code protection capabilities.
Details Malicious code protection software must be protected to prevent a non-privileged user or malicious piece of software from disabling...
SP13-00-000060 – SharePoint must reject or delay, as defined by the organization, network traffic generated above configurable traffic volume thresholds – maxBandwidth
Details It is critical when a system is at risk of failing to process audit logs as required; actions are...

Prev Next

DISA STIG SharePoint 2013 V2R2

SP13-00-000100 – SharePoint must employ FIPS-validated cryptography to protect unclassified information when such information must be separated from individuals who have the necessary clearances yet lack the necessary access approvals.

SP13-00-000105 – SharePoint must validate the integrity of security attributes exchanged between systems.

SP13-00-000110 – SharePoint must ensure authentication of both client and server during the entire session. An example of this is SSL Mutual Authentication.

SP13-00-000115 – SharePoint must terminate user sessions upon user logoff, and when idle time limit is exceeded.

SP13-00-000120 – SharePoint must maintain the confidentiality of information during aggregation, packaging, and transformation in preparation for transmission. When transmitting data, applications need to leverage transmission protection mechanisms such as TLS, SSL VPNs, or IPSec.

SP13-00-000125 – SharePoint must implement an information system isolation boundary that minimizes the number of nonsecurity functions included within the boundary containing security functions.

SP13-00-000130 – SharePoint must implement security functions as a layered structure minimizing interactions between layers of the design and avoiding any dependence by lower layers on the functionality or correctness of higher layers.

SP13-00-000135 – SharePoint must employ cryptographic mechanisms preventing the unauthorized disclosure of information during transmission, unless the transmitted data is otherwise protected by alternative physical measures.

SP13-00-000140 – SharePoint must prevent non-privileged users from circumventing malicious code protection capabilities.

SP13-00-000060 – SharePoint must reject or delay, as defined by the organization, network traffic generated above configurable traffic volume thresholds – maxBandwidth