STIGQter: STIG Summary: Microsoft SharePoint 2013 Security Technical Implementation Guide, Version 2, Release 1, Benchmark Date: 22 Jan 2021

SharePoint must prevent non-privileged users from circumventing malicious code protection capabilities.

DISA Rule

SV-223263r612235_rule

Vulnerability Number

V-223263

Group Title

SRG-APP-000340

Rule Version

SP13-00-000140

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Configure the SharePoint server to prevent non-privileged users from circumventing malicious code protection capabilities.

Navigate to Central Administration.

Click "Manage web applications".

Select the web application by clicking its name.

Select "Blocked File Types" from the ribbon.

Add file types that are defined in the SSP but not in the list of blocked file types.

Click "Ok".

Repeat for each web application that has findings.

Check Contents

Review the SharePoint server configuration to ensure non-privileged users are prevented from circumventing malicious code protection capabilities.

Confirm that the list of blocked file types configured in Central Administration matches the "blacklist" document in the application's SSP. See TechNet for default file types that are blocked: http://technet.microsoft.com/en-us/library/cc262496.aspx

Navigate to Central Administration.

Click "Manage web applications".

Select the web application by clicking its name.

Select "Blocked File Types" from the ribbon.

Compare the list of blocked file types to those listed in the SSP. If the SSP has file types that are not in the blocked file types list, this is a finding.

Repeat check for each web application.
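The check above (and, optionally, the fix recommendation) can be scripted from the SharePoint 2013 Management Shell instead of clicking through Central Administration for every web application. The following is an added example, not part of the STIG text or the STIGQter page: it reads the SSP "blacklist" from a text file (the path and one-extension-per-line format are assumptions), compares it with each web application's BlockedFileExtensions collection via Get-SPWebApplication, reports any SSP-listed type that is not blocked as a finding, and adds the missing types only when $applyFix is set to $true.

```powershell
# Added example (not from the STIG or STIGQter). Assumes the SharePoint 2013
# Management Shell snap-in and an SSP blacklist exported to a text file with one
# extension per line (leading dot optional). The file path is an assumption.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$sspListPath = 'C:\SSP\blocked-file-types.txt'   # assumed location of the SSP blacklist
$applyFix    = $false                             # $true applies the Fix Recommendation

# Normalise the SSP list: SharePoint stores blocked extensions without the dot, lower-case.
$sspExtensions = Get-Content -Path $sspListPath |
    ForEach-Object { $_.Trim().TrimStart('.').ToLowerInvariant() } |
    Where-Object   { $_ -ne '' } |
    Sort-Object -Unique

$findings = @()
foreach ($webApp in Get-SPWebApplication) {
    # Current "Blocked File Types" list for this web application
    $blocked = @($webApp.BlockedFileExtensions | ForEach-Object { $_.ToLowerInvariant() })

    # Any SSP-listed type that is not blocked is a finding for this web application
    $missing = @($sspExtensions | Where-Object { $blocked -notcontains $_ })

    if ($missing.Count -gt 0) {
        $findings += [pscustomobject]@{
            WebApplication         = $webApp.DisplayName
            Url                    = $webApp.Url
            MissingFromBlockedList = ($missing -join ', ')
        }

        if ($applyFix) {
            # Fix Recommendation: add the SSP types that are not yet blocked, then save.
            foreach ($ext in $missing) { $webApp.BlockedFileExtensions.Add($ext) }
            $webApp.Update()
            Write-Output "Added to $($webApp.DisplayName): $($missing -join ', ')"
        }
    }
}

if ($findings.Count -gt 0) {
    Write-Output 'FINDING: SSP file types missing from Blocked File Types:'
    $findings | Format-Table -AutoSize
} else {
    Write-Output 'No findings: every web application blocks all SSP-listed file types.'
}
```

Run it first with $applyFix left at $false to produce the per-web-application finding list for the check, then rerun with $applyFix set to $true to apply the fix; Get-SPWebApplication returns the content web applications shown under "Manage web applications", so each one is covered in a single pass. Because the default blocked list (see the TechNet link above) is a starting point rather than the SSP list, the comparison is deliberately one-directional: extra entries in SharePoint's list are not a finding, only SSP entries that SharePoint does not block.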

Vulnerability Number

V-223263

Documentable

False

Rule Version

SP13-00-000140

Check Content Reference

M

Target Key

4096

Comments