When configuring SharePoint Central Administration, the port number selected must comply with DoD Ports and Protocol Management (PPSM) program requirements.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-60009	SP13-00-000190	SV-74439r2_rule		Medium

Description
During the installation of Microsoft SharePoint, the Central Administration Web site is established on a randomly-assigned TCP port by default. Allowing a randomly-assigned default may result in use of a port which violates DoD policy or conflicts with ports already in use. Use of certain well-known ports may also result in slow operational response or expose the application to known denial of service attacks.

Description

During the installation of Microsoft SharePoint, the Central Administration Web site is established on a randomly-assigned TCP port by default. Allowing a randomly-assigned default may result in use of a port which violates DoD policy or conflicts with ports already in use. Use of certain well-known ports may also result in slow operational response or expose the application to known denial of service attacks.

STIG	Date
MS SharePoint 2013 Security Technical Implementation Guide	2020-06-08

Details

Check Text ( C-60699r2_chk )
Review the SharePoint server Central Administration configuration to ensure the port number selected complies with DoD Ports and Protocol Management (PPSM) program requirements. Open the SharePoint Management Shell (Start >> All Programs >> Microsoft SharePoint Products >> SharePoint Management Shell). Type the following command at the PowerShell prompt: Get-SPWebApplication -IncludeCentralAdministration Find the entry for the Central Administration web application and verify the port listed in the URL column is allowed by the DoD PPSM policy. If the port number is not allowed in accordance with DoD PPSM policy, this is a finding.

Check Text ( C-60699r2_chk )

Review the SharePoint server Central Administration configuration to ensure the port number selected complies with DoD Ports and Protocol Management (PPSM) program requirements.

Open the SharePoint Management Shell (Start >> All Programs >> Microsoft SharePoint Products >> SharePoint Management Shell).

Type the following command at the PowerShell prompt:
Get-SPWebApplication -IncludeCentralAdministration

Find the entry for the Central Administration web application and verify the port listed in the URL column is allowed by the DoD PPSM policy.

If the port number is not allowed in accordance with DoD PPSM policy, this is a finding.

Fix Text (F-65419r3_fix)
Configure the SharePoint Central Administration port number selected to comply with DoD Ports and Protocol Management (PPSM) program requirements. Open the SharePoint Management Shell (Start >> All Programs >> Microsoft SharePoint Products >> SharePoint Management Shell). Change the port number to a PPS-approved port that does not conflict with existing port usage using the following command: Set -SPCentralAdministration -Port Press "Enter" to save.

Fix Text (F-65419r3_fix)

Configure the SharePoint Central Administration port number selected to comply with DoD Ports and Protocol Management (PPSM) program requirements.

Open the SharePoint Management Shell (Start >> All Programs >> Microsoft SharePoint Products >> SharePoint Management Shell).

Change the port number to a PPS-approved port that does not conflict with existing port usage using the following command:
Set -SPCentralAdministration -Port

Press "Enter" to save.