Microsoft Skype for Business 2016 Security Technical Implementation Guide

Overview

Version	Date	Finding Count (3)			Downloads
1	2016-11-02	CAT I (High): 0	CAT II (Medium): 3	CAT III (Low): 0	Excel JSON XML

Stig Description

The Microsoft Skype for Business 2016 Security Technical Implementation Guide (STIG) is published as a tool to improve the security of Department of Defense (DoD) information systems. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil.

Classified	Public	Sensitive
I - Mission Critical Classified	I - Mission Critical Public	I - Mission Critical Sensitive	II - Mission Critical Classified	II - Mission Critical Public	II - Mission Critical Sensitive	III - Mission Critical Classified	III - Mission Critical Public	III - Mission Critical Sensitive

Findings - MAC I - Mission Critical Classified

Finding ID	Severity	Title	Description
V-70905	Medium	In the event a secure Session Initiation Protocol (SIP) connection fails, the connection must be restricted from resorting to the unencrypted HTTP.	Prevents from HTTP being used for SIP connection in case TLS or TCP fail.
V-70903	Medium	Session Initiation Protocol (SIP) security mode must be configured.	When Lync connects to the server, it supports various authentication mechanisms. This policy allows the user to specify whether Digest and Basic authentication are supported. Disabled (default): NTLM/Kerberos/TLS-DSK/Digest/Basic Enabled: Authentication mechanisms: NTLM/Kerberos/TLS-DSK Gal Download: Requires HTTPS if user is not logged in as an internal user.
V-70901	Medium	The ability to store user passwords in Skype must be disabled.	Allows Microsoft Lync to store user passwords. If you enable this policy setting, Microsoft Lync can store a password on request from the user. If you disable this policy setting, Microsoft Lync cannot store a password. If you do not configure this policy setting and the user logs on to...