National Vulnerability Database

National Vulnerability Database

National Vulnerability

SharePoint Server 2007 Security Guide 1.0 Checklist Details (Checklist Revisions)

SCAP 1.1 Content:

Machine-Readable CCE to 800-53 Data Stream

Supporting Resources:


    Target CPE Name
    Microsoft Office SharePoint Server 2007 cpe:/a:microsoft:sharepoint_server:2007 (View CVEs)

    Checklist Highlights

    Checklist Name:
    SharePoint Server 2007 Security Guide
    Checklist ID:
    Review Status:
    Governmental Authority: National Security Agency
    Third Party: MITRE
    Original Publication Date:

    Checklist Summary:

    Microsoft Office SharePoint Server 2007 is a server program that is part of the 2007 Microsoft Office system. Office SharePoint Server 2007 provides a single, integrated location where employees can collaborate with team members, share documents, manage content and workflow, and supply access to information that is essential to organizational goals and processes. This documents main focus is on the SharePoint Server 2007 Portal which is the backbone of SharePoint deployments. This document provides security guidance on SharePoint Server 2007 Standard Edition hosted on Microsoft Windows Server 2003 Standard Edition. This guide does not consider the installation, configuration, or operation of this product on other Windows or non-Windows platforms. This document assumes that the reader is familiar with SharePoint Server 2007 and will refer to product documentation as needed in order to implement recommendations contained in this guide. The reader should also be familiar with Windows 2003 Server administration. This document also assumes that the baseline platform configuration of the Windows Server 2003 server and SharePoint Server 2007 are up-to-date in terms of installed service packs and hotfixes.

    Checklist Role:

    • Application Server

    Known Issues:

    No known issues.

    Target Audience:

    System Administrator or System Auditor. Knowledge of Windows Operating Systems.

    Target Operational Environment:

    • Managed

    Testing Information:

    Windows Server 2003 Standard Edition. Not tested in an operational environment.

    Regulatory Compliance:

    Yes. Maps to NIST SP 800-53 controls.


    Comments contained in checklist.



    Product Support:

    Applying this checklist will not affect software support from Microsoft.

    Point of Contact:


    Produced without Microsoft Sponsorship.


    Open Source

    Change History:

    Not provided.
    Change 'author' from MITRE to NSA
    Changes made to the content for SCAP 1.1 compliance.
    Moved to Archive Status - 10/30/18


    URL Description


    Reference URL Description

    NIST checklist record last modified on 10/30/2018