Information
The SharePoint Central Administration site should not be installed onto the network DMZ, which is exposed to external internet connections.
Rationale:
SharePoint Central Administration is a powerful management tool used to administer the farm. The server that hosts it should be installed on a trusted network segment, and it should be used to run services rather than user-oriented web applications.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
For environments requiring an Internet-facing capability, remove the application server on which SharePoint Central Administration is installed from the DMZ.
On the existing farm, remove the Central Administration website as follows:
1. Run the SharePoint configuration wizard.
2. Select Do not disconnect from the server farm.
3. Select Yes, I want to remove the website from this machine.
4. Select OK.
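
Because Nessus does not perform this check, the following PowerShell sketch (an added example, not part of the benchmark or of Nessus) lists the farm servers running an online Central Administration service instance and flags any whose IPv4 address falls inside a DMZ range. Assumptions: an on-premises farm where the `Microsoft.SharePoint.PowerShell` snap-in is available, a farm administrator session, and placeholder DMZ subnets that must be replaced with your own.

```powershell
# Added example: manual check for Central Administration hosts inside DMZ ranges.
# Run from the SharePoint Management Shell on a farm server.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# ASSUMPTION: placeholder documentation ranges; replace with your real DMZ subnets.
$DmzSubnets = @('192.0.2.0/24', '198.51.100.0/25')

function ConvertTo-IPv4Number {
    param([string]$Address)
    $bytes = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    [Array]::Reverse($bytes)   # network byte order -> little-endian for BitConverter
    return [int64][BitConverter]::ToUInt32($bytes, 0)
}

function Test-IPv4InSubnet {
    param([string]$Address, [string]$Cidr)
    $network, $prefix = $Cidr.Split('/')
    # Two addresses share a subnet when they fall in the same block of 2^(32-prefix).
    $blockSize = [math]::Pow(2, 32 - [int]$prefix)
    $a = [math]::Floor((ConvertTo-IPv4Number $Address) / $blockSize)
    $n = [math]::Floor((ConvertTo-IPv4Number $network) / $blockSize)
    return $a -eq $n
}

# Servers where the Central Administration service instance is provisioned.
$caInstances = Get-SPServiceInstance | Where-Object {
    $_.TypeName -eq 'Central Administration' -and $_.Status -eq 'Online'
}

foreach ($instance in $caInstances) {
    $server = $instance.Server.Address
    # Name resolution happens from this machine; multi-homed hosts return several IPs.
    $ips = [System.Net.Dns]::GetHostAddresses($server) |
        Where-Object { $_.AddressFamily -eq 'InterNetwork' }
    foreach ($ip in $ips) {
        $hit = $DmzSubnets | Where-Object { Test-IPv4InSubnet $ip.IPAddressToString $_ }
        [pscustomobject]@{
            Server    = $server
            IPv4      = $ip.IPAddressToString
            DmzSubnet = if ($hit) { $hit -join ', ' } else { '' }
            Finding   = if ($hit) { 'FAIL: Central Administration host is in a DMZ range' } else { 'PASS' }
        }
    }
}
```

A `FAIL` row identifies a server to remediate with the steps above; an empty result means no online Central Administration instance was found from this session.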