Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
SharePoint must employ FIPS-validated cryptography to protect unclassified information.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-59967 | SP13-00-000090 | SV-74397r1_rule | High |
| Description |
|---|
| Cryptography is only as strong as the encryption modules/algorithms employed to encrypt the data. Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data. |
| STIG | Date |
|---|---|
| SharePoint 2013 Security Technical Implementation Guide | 2015-05-07 |
Details
| Check Text ( C-60657r2_chk ) |
|---|
| Review the SharePoint server configuration to ensure FIPS-validated cryptography is employed to protect unclassified information. Open MMC. Click File, Add/Remove Snap-in, and add Group Policy Object Editor. Enter a name for the Group Policy Object, or accept the default. Click Finish. Click OK. Navigate to Computer Policy, Computer Configuration, Administrative Templates, Network, and SSL Configuration settings. Right-click SSL Configuration Settings, click SSL Cipher Suite Order, and then click Edit. In the SSL Cipher Suite Order dialog box, if "Enabled" is not selected, this is a finding. Under Options, in the SSL Cipher Suites text box, verify the following text is displayed: TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P521,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P521,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,SSL_CK_DES_192_EDE3_CBC_WITH_MD5,TLS_RSA_WITH_NULL_MD5 Click OK. If any ciphers other than those listed above are present, this is a finding. |
| Fix Text (F-65377r2_fix) |
|---|
| Configure SharePoint to employ FIPS-validated cryptography to protect unclassified information. Open MMC. Click File, Add/Remove Snap-in, and add Group Policy Object Editor. Enter a name for the Group Policy Object, or accept the default. Click Finish. Click OK. Navigate to Computer Policy, Computer Configuration, Administrative Templates, Network, and SSL Configuration settings. Right-click SSL Configuration Settings, click SSL Cipher Suite Order, and then click Edit. In the SSL Cipher Suite Order dialog box, if "Enabled" is not selected, this is a finding. Under Options, in the SSL Cipher Suites text box, delete everything, and then copy and paste from the following text: TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P521,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P521,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,SSL_CK_DES_192_EDE3_CBC_WITH_MD5,TLS_RSA_WITH_NULL_MD5 Click OK. |