Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The organization must employ cryptographic mechanisms to prevent unauthorized disclosure of information during transmission unless otherwise protected by alternative physical measures.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-28023 | SHPT-00-000805 | SV-36661r1_rule | ECCT-1 ECCT-2 | Medium |
| Description |
|---|
| Preventing the disclosure of transmitted information requires that applications take measures to using a cryptographic mechanism to protect the information during transmission. This is usually achieved through the use of TLS, SSL, or Internet Protocol Security (IPSec) Virtual Private Network (VPN). |
| STIG | Date |
|---|---|
| SharePoint 2010 Security Technical Implementation Guide (STIG) | 2011-12-20 |
Details
| Check Text ( C-35745r1_chk ) |
|---|
| 1. Log in to Central Administration. 2. Navigate to Application Management > Web Application Management. 3. Select the option “Create or extend web application”. 4. Select “Extend an existing web application”. 5. Select a sample web application. 6. Navigate to Security Configuration and verify that the “Use Secure Sockets Layer (SSL)” option is set to "Yes". 7. Mark as a finding if the SSL setting is not set to "Yes". 8. Mark as not a finding if SharePoint communications between all components and clients are protected by alternative physical measures that have been approved by the DAA. |
| Fix Text (F-30987r1_fix) |
|---|
| 1. Log in to Central Administration. 2. Navigate to Application Management > Web Application Management. 3. Select “Create or extend Web application”. 4. Select “Extend an existing Web application”. 5. Select a sample Web application. 6. Navigate to Security Configuration and set the “Use Secure Sockets Layer (SSL)” option to "Yes". |