The organization must employ cryptographic mechanisms to prevent unauthorized disclosure of information during transmission unless otherwise protected by alternative physical measures.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-28023 | SHPT-00-000805 | SV-36661r2_rule | Medium |
| Description |
|---|
| Preventing the disclosure of transmitted information requires that applications take measures to using a cryptographic mechanism to protect the information during transmission. This is usually achieved through the use of TLS, SSL, or Internet Protocol Security (IPSec) Virtual Private Network (VPN). |
| STIG | Date |
|---|---|
| MS SharePoint 2010 Security Technical Implementation Guide | 2019-01-02 |
Details
| Check Text ( C-35745r2_chk ) |
|---|
| 1. In SharePoint Central Administration, click Application Management. 2. On the Application Management page, in the Web Applications list, click Manage web applications. 3. On the Web Applications Management page, verify that each Web Application URL begins with https. 4. Mark as a finding if the URL does not begin with https. 5. Mark as not a finding if SharePoint communications between all components and clients are protected by alternative physical measures that have been approved by the DAA. |
| Fix Text (F-30987r3_fix) |
|---|
| 1. Open IIS Manager. 2. In the Connections pane, expand Sites. 3. Click the Web Application site. 4. In the Actions pane, click Bindings…. 5. In the Site Bindings window, click Add. 6. In the Add Site Binding window, change Type to https and select the site’s SSL certificate. 7.Click OK and then click Close. |