An error occurred:

Check: SP13-00-000125

MS SharePoint 2013 STIG: SP13-00-000125 (in versions v1 r9 through v1 r3)

Title

SharePoint must implement an information system isolation boundary that minimizes the number of nonsecurity functions included within the boundary containing security functions. (Cat I impact)

Discussion

The information system isolates security functions from nonsecurity functions by means of an isolation boundary (implemented via partitions and domains) controlling access to and protecting the integrity of, the hardware, software, and firmware that perform those security functions. The information system maintains a separate execution domain (e.g., address space) for each executing process.

Check Content

Review the SharePoint server configuration to ensure an information system isolation boundary that minimizes the number of nonsecurity functions included within the boundary containing security functions are implemented. Log on to the server that hosts the farm's Central Administration website. Open IIS Manager. Expand "Sites" tree view and right-click the web application named "SharePoint Central Administration". Select "Edit Bindings ...". Confirm the site is bound to an out-of-band (OOB) IP address. If the site is bound to a production IP address or not bound to a specific IP address, this is a finding.

Fix Text

Configure the SharePoint server to implement an information system isolation boundary that minimizes the number of nonsecurity functions included within the boundary containing security functions. Log on to the server that hosts the farm's Central Administration website. Open IIS Manager. Expand "Sites" tree view and right-click the web application named "SharePoint Central Administration". Select "Edit Bindings ...". Select the site binding record and click "Edit". From the "IP Address" dropdown list, select an OOB IP address. Click "Ok". *NOTE: If the Central Administration site has multiple site bindings, steps will need to be repeated for each site binding.

Additional Identifiers

Rule ID: SV-74411r1_rule

Vulnerability ID: V-59981

Group Title: SRG-APP-000236

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-001184

The information system protects the authenticity of communications sessions.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
SC-23

Session Authenticity