STIGQter: STIG Summary: Microsoft SharePoint 2013 Security Technical Implementation Guide, Version: 2, Release: 1, Benchmark Date: 22 Jan 2021

The SharePoint setup account must be configured with the minimum privileges in Active Directory.

DISA Rule

SV-223269r612235_rule

Vulnerability Number

V-223269

Group Title

SRG-APP-000516

Rule Version

SP13-00-000170

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the SharePoint setup account with the minimum privileges in Active Directory.

Ensure the Setup User domain user has minimum permissions in Active Directory.
- Using the AD DS console, navigate to “Active Directory Users and Computers” >> Users.
- Double-click the account to view the account properties.
- Select the “Members of” tab and configure the Setup User account to be a member of the Domain Users group. Remove any other group membership from the account.
- Select the other tabs in this area and remove any services or permissions configured for this account.

Check Contents

Review the SharePoint server configuration to ensure the setup account is configured with the minimum privileges in Active Directory.

Verify the account has least privilege in Active Directory.
- Navigate to “Active Directory Users and Computers” >> Users.
- Double-click the account to view the account properties.
- Select the “Members of” tab and verify this account is a member of the Domain Users group only.
- Select the other tabs in this area to verify no other services or permissions are configured for this account.

If the Setup User account is a member of any group other than Domain Users, this is a finding.

If the Setup User account has unneeded permissions or services assigned, this is a finding.
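The same check can be scripted instead of clicked through. The following is an added example, not part of the STIG text: it assumes the ActiveDirectory PowerShell module (RSAT) is installed, uses a hypothetical account name `sp_setup`, and treats registered SPNs, delegation flags and `adminCount` as an assumed reading of "services or permissions" on the other tabs.

```powershell
# Added example: read-only audit of the SharePoint Setup User account.
Import-Module ActiveDirectory

function Test-SetupAccountLeastPrivilege {
    param(
        [Parameter(Mandatory)]
        [string]$SamAccountName   # hypothetical example: 'sp_setup'
    )

    $user = Get-ADUser -Identity $SamAccountName -Properties `
        ServicePrincipalNames, TrustedForDelegation, TrustedToAuthForDelegation, adminCount

    # Domain Users has the well-known RID 513 in the account's own domain,
    # so matching on the SID survives a renamed or localized group name.
    $domainUsersSid = "$($user.SID.AccountDomainSid.Value)-513"
    $findings = @()

    # Direct memberships, including the primary group.
    $groups = @(Get-ADPrincipalGroupMembership -Identity $user)
    if (-not ($groups | Where-Object { $_.SID.Value -eq $domainUsersSid })) {
        $findings += 'Account is not a member of Domain Users.'
    }
    foreach ($g in ($groups | Where-Object { $_.SID.Value -ne $domainUsersSid })) {
        $findings += "Member of additional group: $($g.Name)"
    }

    # Assumed indicators of extra services or permissions on the account.
    if ($user.ServicePrincipalNames.Count -gt 0) {
        $findings += "SPNs registered: $($user.ServicePrincipalNames -join ', ')"
    }
    if ($user.TrustedForDelegation) {
        $findings += 'Trusted for unconstrained delegation.'
    }
    if ($user.TrustedToAuthForDelegation) {
        $findings += 'Trusted to authenticate for delegation (protocol transition).'
    }
    if ($user.adminCount -eq 1) {
        $findings += 'adminCount=1: account is or was in a protected group.'
    }

    [pscustomobject]@{
        Account   = $user.SamAccountName
        Groups    = $groups.Name
        Findings  = $findings
        IsFinding = ($findings.Count -gt 0)
    }
}

# Replace 'sp_setup' with the actual Setup User account name.
Test-SetupAccountLeastPrivilege -SamAccountName 'sp_setup'
```

`Get-ADPrincipalGroupMembership` reports direct memberships only, and rights granted through ACLs or Group Policy are not covered, so the manual review of the remaining tabs still applies.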

Documentable

False

Severity Override Guidance

Review the SharePoint server configuration to ensure the setup account is configured with the minimum privileges in Active Directory.

Verify the account has least privilege in Active Directory.
- Navigate to “Active Directory Users and Computers” >> Users.
- Double-click the account to view the account properties.
- Select the “Members of” tab and verify this account is a member of the Domain Users group only.
- Select the other tabs in this area to verify no other services or permissions are configured for this account.

If the Setup User account is a member of any group other than Domain Users, this is a finding.

If the Setup User account has unneeded permissions or services assigned, this is a finding.

Check Content Reference

M

Target Key

4096

Comments