STIGQter STIGQter: STIG Summary: Microsoft SharePoint 2013 Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:

The SharePoint farm service account (database access account) must be configured with minimum privileges on the SQL server.

DISA Rule

SV-223268r612235_rule

Vulnerability Number

V-223268

Group Title

SRG-APP-000516

Rule Version

SP13-00-000165

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the SharePoint farm service account (database access account) with minimum privileges on the SQL server.

Configure the account on each SQL server in the farm.
- Launch the SQL Server Management Console and navigate to Security >> Logins.
- Select the SharePoint farm service account.
- Click on Server Roles.
- Ensure only public, dbcreator, and securityadmin roles are checked.
- Remove checks from all other roles.

Check Contents

Review the SharePoint server configuration to ensure the farm service account (database access account) is configured with minimum privileges on the SQL server.

- Launch the SQL Server Management Console and navigate to Security >> Logins.
- Select the SharePoint farm service account.
- Click on "Server Roles" and verify only public, dbcreator, and securityadmin are checked.
- Click on "User Mapping" and verify that the farm account is a member of the public and db_owner role on each SharePoint database.

Otherwise, this is a finding.

Vulnerability Number

V-223268

Documentable

False

Rule Version

SP13-00-000165

Severity Override Guidance

Review the SharePoint server configuration to ensure the farm service account (database access account) is configured with minimum privileges on the SQL server.

- Launch the SQL Server Management Console and navigate to Security >> Logins.
- Select the SharePoint farm service account.
- Click on "Server Roles" and verify only public, dbcreator, and securityadmin are checked.
- Click on "User Mapping" and verify that the farm account is a member of the public and db_owner role on each SharePoint database.

Otherwise, this is a finding.

Check Content Reference

M

Target Key

4096

Comments