Title

The organization must employ cryptographic mechanisms to prevent unauthorized disclosure of information during transmission unless otherwise protected by alternative physical measures. (Cat II impact)

Discussion

Preventing the disclosure of transmitted information requires that applications take measures to using a cryptographic mechanism to protect the information during transmission. This is usually achieved through the use of TLS, SSL, or Internet Protocol Security (IPSec) Virtual Private Network (VPN).

Check Content

1. In SharePoint Central Administration, click Application Management. 2. On the Application Management page, in the Web Applications list, click Manage web applications. 3. On the Web Applications Management page, verify that each Web Application URL begins with https. 4. Mark as a finding if the URL does not begin with https. 5. Mark as not a finding if SharePoint communications between all components and clients are protected by alternative physical measures that have been approved by the DAA.

Fix Text

1. Open IIS Manager. 2. In the Connections pane, expand Sites. 3. Click the Web Application site. 4. In the Actions pane, click Bindings…. 5. In the Site Bindings window, click Add. 6. In the Add Site Binding window, change Type to https and select the site’s SSL certificate. 7.Click OK and then click Close.

Additional Identifiers

Rule ID: SV-36661r2_rule

Vulnerability ID: V-28023

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.