Microsoft SharePoint 2013 Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-APP-000212
<GroupDescription></GroupDescription>Group -
The SharePoint Central Administration site must not be accessible from Extranet or Internet connections.
<VulnDiscussion>SharePoint must prevent the presentation of information system management-related functionality at an interface utilized by g...Rule Medium Severity -
SRG-APP-000039
<GroupDescription></GroupDescription>Group -
For environments requiring an Internet-facing capability, the SharePoint application server upon which Central Administration is installed, must not be installed in the DMZ.
<VulnDiscussion>Information flow control regulates where information is allowed to travel within an information system and between informatio...Rule Medium Severity -
SRG-APP-000516
<GroupDescription></GroupDescription>Group -
The SharePoint farm service account (database access account) must be configured with minimum privileges in Active Directory (AD).
<VulnDiscussion>Separation of duties is a prevalent Information Technology control implemented at different layers of the information system ...Rule Medium Severity -
SRG-APP-000516
<GroupDescription></GroupDescription>Group -
The SharePoint farm service account (database access account) must be configured with minimum privileges on the SQL server.
<VulnDiscussion>Separation of duties is a prevalent Information Technology control implemented at different layers of the information system ...Rule Medium Severity -
SRG-APP-000516
<GroupDescription></GroupDescription>Group -
The SharePoint setup account must be configured with the minimum privileges in Active Directory.
<VulnDiscussion>Separation of duties is a prevalent Information Technology control implemented at different layers of the information system ...Rule Medium Severity -
SRG-APP-000516
<GroupDescription></GroupDescription>Group -
The SharePoint setup account must be configured with the minimum privileges on the SQL server.
<VulnDiscussion>Separation of duties is a prevalent Information Technology control implemented at different layers of the information system ...Rule Medium Severity -
SRG-APP-000516
<GroupDescription></GroupDescription>Group -
The SharePoint setup account must be configured with the minimum privileges for the local server.
<VulnDiscussion>Separation of duties is a prevalent Information Technology control implemented at different layers of the information system ...Rule Medium Severity -
SRG-APP-000516
<GroupDescription></GroupDescription>Group -
A secondary SharePoint site collection administrator must be defined when creating a new site collection.
<VulnDiscussion>If a site reaches its maximum size, users will be denied access until an administrator fixes the problem. Having a secondary ...Rule Low Severity -
SRG-APP-000142
<GroupDescription></GroupDescription>Group -
When configuring SharePoint Central Administration, the port number selected must comply with DoD Ports and Protocol Management (PPSM) program requirements.
<VulnDiscussion>During the installation of Microsoft SharePoint, the Central Administration Web site is established on a randomly-assigned TC...Rule Medium Severity -
SRG-APP-000516
<GroupDescription></GroupDescription>Group -
SharePoint-specific malware (i.e. anti-virus) protection software must be integrated and configured.
<VulnDiscussion>Configuring anti-virus settings ensures documents will be scanned for viruses upon download from and upload to the SharePoint...Rule Medium Severity -
SRG-APP-000516
<GroupDescription></GroupDescription>Group -
SharePoint server access to the Online Web Part Gallery must be configured for limited access.
<VulnDiscussion>Web Part galleries are groupings of Web Parts. There are four Web Part galleries: Closed Web Parts, Site Name Gallery, Server...Rule Medium Severity -
SRG-APP-000516
<GroupDescription></GroupDescription>Group -
The SharePoint farm service account (database access account) must be configured with the minimum privileges for the local server.
<VulnDiscussion>Separation of duties is a prevalent Information Technology control implemented at different layers of the information system ...Rule Medium Severity -
SRG-APP-000204
<GroupDescription></GroupDescription>Group -
SharePoint must validate the integrity of security attributes exchanged between systems.
<VulnDiscussion>When data is exchanged between information systems, the security attributes associated with said data need to be maintained. ...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.