SharePoint must implement an information system isolation boundary that minimizes the number of nonsecurity functions included within the boundary containing security functions.

Severity	Group ID	Group Title	Version	Rule ID	Date	STIG Version
high	V-223260	SRG-APP-000219	SP13-00-000125	SV-223260r1043178_rule	2024-12-10	2

Description
The information system isolates security functions from nonsecurity functions by means of an isolation boundary (implemented via partitions and domains) controlling access to and protecting the integrity of, the hardware, software, and firmware that perform those security functions. The information system maintains a separate execution domain (e.g., address space) for each executing process.

ℹ️ Check
Review the SharePoint server configuration to ensure an information system isolation boundary that minimizes the number of nonsecurity functions included within the boundary containing security functions are implemented. Log on to the server that hosts the farm's Central Administration website. Open IIS Manager. Expand "Sites" tree view and right-click the web application named "SharePoint Central Administration". Select "Edit Bindings ...". Confirm the site is bound to an out-of-band (OOB) IP address. If the site is bound to a production IP address or not bound to a specific IP address, this is a finding.

ℹ️ Check

Review the SharePoint server configuration to ensure an information system isolation boundary that minimizes the number of nonsecurity functions included within the boundary containing security functions are implemented. Log on to the server that hosts the farm's Central Administration website. Open IIS Manager. Expand "Sites" tree view and right-click the web application named "SharePoint Central Administration". Select "Edit Bindings ...". Confirm the site is bound to an out-of-band (OOB) IP address. If the site is bound to a production IP address or not bound to a specific IP address, this is a finding.

✔️ Fix
Configure the SharePoint server to implement an information system isolation boundary that minimizes the number of nonsecurity functions included within the boundary containing security functions. Log on to the server that hosts the farm's Central Administration website. Open IIS Manager. Expand "Sites" tree view and right-click the web application named "SharePoint Central Administration". Select "Edit Bindings ...". Select the site binding record and click "Edit". From the "IP Address" dropdown list, select an OOB IP address. Click "Ok". *NOTE: If the Central Administration site has multiple site bindings, steps will need to be repeated for each site binding.

✔️ Fix

Configure the SharePoint server to implement an information system isolation boundary that minimizes the number of nonsecurity functions included within the boundary containing security functions. Log on to the server that hosts the farm's Central Administration website. Open IIS Manager. Expand "Sites" tree view and right-click the web application named "SharePoint Central Administration". Select "Edit Bindings ...". Select the site binding record and click "Edit". From the "IP Address" dropdown list, select an OOB IP address. Click "Ok". *NOTE: If the Central Administration site has multiple site bindings, steps will need to be repeated for each site binding.