UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The organization must employ cryptographic mechanisms to prevent unauthorized disclosure of information during transmission unless otherwise protected by alternative physical measures.


Overview

Finding ID Version Rule ID IA Controls Severity
V-28023 SHPT-00-000805 SV-36661r2_rule ECCT-1 ECCT-2 Medium
Description
Preventing the disclosure of transmitted information requires that applications take measures to using a cryptographic mechanism to protect the information during transmission. This is usually achieved through the use of TLS, SSL, or Internet Protocol Security (IPSec) Virtual Private Network (VPN).
STIG Date
SharePoint 2010 Security Technical Implementation Guide (STIG) 2014-07-03

Details

Check Text ( C-35745r2_chk )
1. In SharePoint Central Administration, click Application Management.
2. On the Application Management page, in the Web Applications list, click Manage web applications.
3. On the Web Applications Management page, verify that each Web Application URL begins with https.
4. Mark as a finding if the URL does not begin with https.
5. Mark as not a finding if SharePoint communications between all components and clients are protected by alternative physical measures that have been approved by the DAA.
Fix Text (F-30987r3_fix)

1. Open IIS Manager.
2. In the Connections pane, expand Sites.
3. Click the Web Application site.
4. In the Actions pane, click Bindings….
5. In the Site Bindings window, click Add.
6. In the Add Site Binding window, change Type to https and select the site’s SSL certificate.
7.Click OK and then click Close.