STIGQter: STIG Summary: MS SharePoint 2013 Security Technical Implementation Guide, Version: 1, Release: 8, Benchmark Date: 25 Oct 2019

SharePoint must employ NSA-approved cryptography to protect classified information.

DISA Rule

SV-74399r4_rule

Vulnerability Number

V-59969

Group Title

SRG-APP-000198

Rule Version

SP13-00-000095

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Configure SharePoint to employ NSA-approved cryptography to protect classified information.

Open MMC.

Click “File”, then “Add/Remove Snap-in”, and add “Group Policy Object Editor”.

Enter a name for the Group Policy Object, or accept the default.

Click “Finish”.

Click “OK”.

Navigate to Computer Policy >> Computer Configuration >> Administrative Templates >> Network >> SSL Configuration Settings.

Right-click “SSL Configuration Settings”, click “SSL Cipher Suite Order”, and then click “Edit”.

In the “SSL Cipher Suite Order” dialog box, select the “Enabled” option.

Under “Options”, in the “SSL Cipher Suites” text box, enter the desired cipher suites that are not DES or RC4.

Click “OK”.

Check Contents

Review the SharePoint server configuration to ensure NSA-approved cryptography is employed to protect classified information.

Open MMC.

Click "File", then "Add/Remove Snap-in", and add "Group Policy Object Editor".

Enter a name for the Group Policy Object, or accept the default.

Click "Finish".

Click "OK".

Navigate to Computer Policy >> Computer Configuration >> Administrative Templates >> Network >> SSL Configuration Settings.

Right-click "SSL Configuration Settings", click "SSL Cipher Suite Order", and then click "Edit".

In the "SSL Cipher Suite Order" dialog box, if "Enabled" is not selected, this is a finding.

Under Options, in the "SSL Cipher Suites" text box, a list of cipher suites will be displayed.

If any DES or RC4 cipher suites exist in the list, this is a finding.
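
The same check can be scripted. The following PowerShell is an added example, not part of the STIG: the function name `Test-CipherSuiteOrder` is hypothetical, the sample suite list is constructed, and it assumes the "SSL Cipher Suite Order" policy is stored in the `Functions` value under the registry key shown and that 3DES suites are counted as DES for the purposes of this check.

```powershell
# Assumption: registry location where the "SSL Cipher Suite Order" policy is stored.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002'

function Test-CipherSuiteOrder {
    # $SuiteList: comma-separated suite names, as shown in the "SSL Cipher Suites" text box.
    param([string]$SuiteList)

    # No configured list means the policy is not "Enabled": first finding condition.
    if ([string]::IsNullOrWhiteSpace($SuiteList)) {
        return [pscustomobject]@{
            Finding = $true; Reason = 'SSL Cipher Suite Order is not Enabled'; WeakSuites = @()
        }
    }

    # Compare whole name tokens so "DES" is matched as an algorithm, not as a substring.
    # Assumption: 3DES is treated as a DES suite here.
    $weakTokens = 'DES', '3DES', 'RC4'
    $weak = @(foreach ($suite in ($SuiteList -split ',')) {
        $suite = $suite.Trim()
        if ($suite -and (($suite -split '_') | Where-Object { $weakTokens -contains $_ })) {
            $suite
        }
    })

    # Any DES or RC4 suite in the list is the second finding condition.
    $reason = 'No DES or RC4 cipher suites in the list'
    if ($weak.Count -gt 0) { $reason = 'DES or RC4 cipher suites are present' }
    [pscustomobject]@{ Finding = ($weak.Count -gt 0); Reason = $reason; WeakSuites = $weak }
}

# Audit the local server. The value may be a single string or a multi-string.
$prop = Get-ItemProperty -Path $PolicyKey -Name 'Functions' -ErrorAction SilentlyContinue
$configured = ''
if ($prop) { $configured = @($prop.Functions) -join ',' }
Test-CipherSuiteOrder -SuiteList $configured

# Constructed sample list, to show what a finding looks like.
$sample = 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_RC4_128_SHA,' +
          'TLS_RSA_WITH_3DES_EDE_CBC_SHA,SSL_CK_DES_64_CBC_WITH_MD5'
Test-CipherSuiteOrder -SuiteList $sample | Format-List
```

For the constructed sample, `Finding` is `True` and `WeakSuites` lists the RC4, 3DES and DES entries; the AES-GCM suite is not flagged.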

Documentable

False

Check Content Reference

M

Target Key

2801
