The organization must employ cryptographic mechanisms to prevent unauthorized disclosure of information during transmission unless otherwise protected by alternative physical measures.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-28023 | SHPT-00-000805 | SV-36661r1_rule | ECCT-1 ECCT-2 | Medium |
| Description |
|---|
| Preventing the disclosure of transmitted information requires that applications take measures to using a cryptographic mechanism to protect the information during transmission. This is usually achieved through the use of TLS, SSL, or Internet Protocol Security (IPSec) Virtual Private Network (VPN). |
| STIG | Date |
|---|---|
| SharePoint 2010 Security Technical Implementation Guide (STIG) | 2011-12-20 |
Details
| Check Text ( C-35745r1_chk ) |
|---|
| 1. Log in to Central Administration. 2. Navigate to Application Management > Web Application Management. 3. Select the option “Create or extend web application”. 4. Select “Extend an existing web application”. 5. Select a sample web application. 6. Navigate to Security Configuration and verify that the “Use Secure Sockets Layer (SSL)” option is set to "Yes". 7. Mark as a finding if the SSL setting is not set to "Yes". 8. Mark as not a finding if SharePoint communications between all components and clients are protected by alternative physical measures that have been approved by the DAA. |
| Fix Text (F-30987r1_fix) |
|---|
| 1. Log in to Central Administration. 2. Navigate to Application Management > Web Application Management. 3. Select “Create or extend Web application”. 4. Select “Extend an existing Web application”. 5. Select a sample Web application. 6. Navigate to Security Configuration and set the “Use Secure Sockets Layer (SSL)” option to "Yes". |