SharePoint server access to the Online Web Part Gallery must be configured for limited access.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-59991	SP13-00-000205	SV-74421r1_rule		Medium

Description
Web Part galleries are groupings of Web Parts. There are four Web Part galleries: Closed Web Parts, Site Name Gallery, Server Gallery, and Online Gallery. The Online Gallery is a collection of Microsoft MSNBC Web Parts located on the Internet. Allowing users to access the Online Web Part Gallery causes a significant performance hit on the server, due to the server attempting to connect to the MSNBC online gallery. This could result in a Denial-of-Service. The Online Gallery could contain Web Parts from unknown third parties, which could increase the risk of a malicious code execution attack. Preventing users from accessing the Online Web Part Gallery decreases the system's attack surface.

Description

Web Part galleries are groupings of Web Parts. There are four Web Part galleries: Closed Web Parts, Site Name Gallery, Server Gallery, and Online Gallery. The Online Gallery is a collection of Microsoft MSNBC Web Parts located on the Internet. Allowing users to access the Online Web Part Gallery causes a significant performance hit on the server, due to the server attempting to connect to the MSNBC online gallery. This could result in a Denial-of-Service. The Online Gallery could contain Web Parts from unknown third parties, which could increase the risk of a malicious code execution attack. Preventing users from accessing the Online Web Part Gallery decreases the system's attack surface.

STIG	Date
SharePoint 2013 Security Technical Implementation Guide	2015-09-29

Details

Check Text ( C-60681r1_chk )
Review the SharePoint server configuration to ensure access to the online web part gallery is configured for limited access. Log in to Central Administration. Navigate to Application Management >> Application Security. Select "Security" for Managed Web Part pages. For each web application in the Web Application section perform the following: - Select the correct web application in the Web Application section. - Verify the "Prevents users from accessing the Online Web Part Gallery, and helps to improve security and performance" option is checked. If the "Prevents users from accessing the Online Web Part Gallery, and helps to improve security and performance" option in the Online Web Part Gallery section is not checked, this is a finding.

Check Text ( C-60681r1_chk )

Review the SharePoint server configuration to ensure access to the online web part gallery is configured for limited access.

Log in to Central Administration.

Navigate to Application Management >> Application Security.

Select "Security" for Managed Web Part pages.

For each web application in the Web Application section perform the following:
- Select the correct web application in the Web Application section.
- Verify the "Prevents users from accessing the Online Web Part Gallery, and helps to improve security and performance" option is checked.

If the "Prevents users from accessing the Online Web Part Gallery, and helps to improve security and performance" option in the Online Web Part Gallery section is not checked, this is a finding.

Fix Text (F-65401r1_fix)
Configure the SharePoint server for limited access to the Online Web Part Gallery. Enable the "Prevents users from accessing the Online Web Part Gallery, and helps to improve security and performance" option for each web application. Login to Central Administration. Navigate to Application Management >> Application Security. Select "Security" for Managed Web Part pages. For each web application in the web application section, perform the following: - Select the correct web application in the web application section. - Select the "Prevents users from accessing the Online Web Part Gallery, and helps to improve security and performance" option in the Online Web Part Gallery section. Select "OK".

Fix Text (F-65401r1_fix)

Configure the SharePoint server for limited access to the Online Web Part Gallery.

Enable the "Prevents users from accessing the Online Web Part Gallery, and helps to improve security and performance" option for each web application.

Login to Central Administration.

Navigate to Application Management >> Application Security.

Select "Security" for Managed Web Part pages.

For each web application in the web application section, perform the following:
- Select the correct web application in the web application section.
- Select the "Prevents users from accessing the Online Web Part Gallery, and helps to improve security and performance" option in the Online Web Part Gallery section.

Select "OK".