
Microsoft SharePoint 2013 Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SharePoint must validate the integrity of security attributes exchanged between systems.

    When data is exchanged between information systems, the security attributes associated with said data need to be maintained. Security attributes are an abstraction representing the basic propertie...
    Rule Medium Severity
  • SharePoint must use cryptography to protect the integrity of the remote access session.

    Remote access is any access to an organizational information system by a user (or an information system) communicating through an external, non-organization-controlled network (e.g., the Internet)....
    Rule High Severity
  • SharePoint must enforce approved authorizations for controlling the flow of information between interconnected systems in accordance with applicable policy.

    Information flow control regulates where information is allowed to travel within an information system and between information systems (as opposed to who is allowed to access the information) and w...
    Rule High Severity
  • SharePoint must provide the ability to prohibit the transfer of unsanctioned information in accordance with security policy.

    The application enforces approved authorizations for controlling the flow of information within the system and between interconnected systems in accordance with applicable policy. Information flow...
    Rule Medium Severity
  • SharePoint must allow designated organizational personnel to select which auditable events are to be audited by specific components of the system.

    Audit records can be generated from various components within the information system, such as network interfaces, hard disks, modems, etc. From an application perspective, certain specific applicat...
    Rule Medium Severity
  • SharePoint must prevent the execution of prohibited mobile code.

    Decisions regarding the utilization of mobile code within organizational information systems need to include evaluations that help determine the potential for the code to cause damage to the system...
    Rule High Severity
  • SharePoint must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).

    Non-organizational users include all information system users other than organizational users, which include organizational employees or individuals the organization deems to have equivalent status...
    Rule Medium Severity
  • SharePoint must employ NSA-approved cryptography to protect classified information.

    Certain encryption types are no longer considered secure. This setting configures a minimum encryption type for SharePoint. Different versions of the Windows Server OS and versions of SharePoint wi...
    Rule High Severity
  • SharePoint must employ FIPS-validated cryptography to protect unclassified information when such information must be separated from individuals who have the necessary clearances yet lack the necessary access approvals.

    Certain encryption types are no longer considered secure. This setting configures a minimum encryption type for SharePoint. Different versions of the Windows Server OS and versions of SharePoint wi...
    Rule High Severity
  • SharePoint must maintain the confidentiality of information during aggregation, packaging, and transformation in preparation for transmission. When transmitting data, applications need to leverage transmission protection mechanisms such as TLS, SSL VPNs, or IPSec.

    Preventing the disclosure of transmitted information requires that applications take measures to employ some form of cryptographic mechanism in order to protect the information during transmission....
    Rule High Severity
