Checklist Details for SharePoint Server 2007 Security Guide 1.0

(Checklist Revisions)

Checklist Highlights

Checklist Name:
SharePoint Server 2007 Security Guide
Review Status:
Governmental Authority: National Security Agency
Third Party: MITRE
Target Product:
Target Product CPE Name Product Category
Microsoft Office SharePoint Server 2007 cpe:/a:microsoft:sharepoint_server:2007 (View CVEs)
  • Enterprise Application
Checklist Summary:
Microsoft Office SharePoint Server 2007 is a server program that is part of the 2007 Microsoft Office system. Office SharePoint Server 2007 provides a single, integrated location where employees can collaborate with team members, share documents, manage content and workflow, and supply access to information that is essential to organizational goals and processes. This documents main focus is on the SharePoint Server 2007 Portal which is the backbone of SharePoint deployments. This document provides security guidance on SharePoint Server 2007 Standard Edition hosted on Microsoft Windows Server 2003 Standard Edition. This guide does not consider the installation, configuration, or operation of this product on other Windows or non-Windows platforms. This document assumes that the reader is familiar with SharePoint Server 2007 and will refer to product documentation as needed in order to implement recommendations contained in this guide. The reader should also be familiar with Windows 2003 Server administration. This document also assumes that the baseline platform configuration of the Windows Server 2003 server and SharePoint Server 2007 are up-to-date in terms of installed service packs and hotfixes.
Checklist Role:
  • Enterprise Application
Known Issues:
No known issues.
Target Audience:
System Administrator or System Auditor. Knowledge of Windows Operating Systems.
Testing Information:
Windows Server 2003 Standard Edition. Not tested in an operational environment.
Regulatory Compliance:
Yes. Maps to NIST SP 800-53 controls.
Comments contained in checklist.
Product Support:
Applying this checklist will not affect software support from Microsoft.
Point of Contact:
Produced without Microsoft Sponsorship.
Open Source
Change History:
Not provided.
Change 'author' from MITRE to NSA
Changes made to the content for SCAP 1.1 compliance.
NIST checklist record last modified on 07/11/2011