An error occurred:

Check: SHPT-00-000683

MS SharePoint 2010 STIG: SHPT-00-000683 (in version v1 r9)

Title

SharePoint-specific malware (i.e., anti-virus) software must be integrated and configured. (Cat I impact)

Discussion

Configuring anti-virus settings ensures documents will be scanned for viruses upon download from and upload to the SharePoint server. Anti-virus settings are not configured by default, therefore leaving SharePoint document libraries open to potential viruses.

Check Content

1. Verify a SharePoint specific antivirus solution is installed. 2. In SharePoint Central Administration, click Security. 3. On the Security page, in the General Security list, click Manage antivirus settings. 4. Mark as a finding if the following boxes are unchecked: - Scan documents on upload. - Scan documents on download. - Attempt to clean infected documents.

Fix Text

Install and configure anti-virus package. 1. Install a SharePoint specific antivirus solution. 2. In SharePoint Central Administration, click Security. 3. On the Security page, in the General Security list, click Manage antivirus settings. 4. Check the boxes for the following: - Scan documents on upload. - Scan documents on download. - Attempt to clean infected documents. 5. Click OK.

Additional Identifiers

Rule ID: SV-37995r3_rule

Vulnerability ID: V-29339

Group Title:

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-001167

The organization ensures the development of mobile code to be deployed in information systems meets organization-defined mobile code requirements.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
SC-18 (2)

Acquisition / Development / Use