{
"id": 354,
"benchmarkId": "Microsoft_Skype_for_Business_2016",
"slug": "microsoft_skype_for_business_2016",
"stigSlug": "microsoft_skype_for_business_2016",
"versionStatus": "current",
"status": "accepted",
"statusDate": "2016-11-02T00:00:00.000Z",
"title": "Microsoft Skype for Business 2016 Security Technical Implementation Guide",
"description": "The Microsoft Skype for Business 2016 Security Technical Implementation Guide (STIG) is published as a tool to improve the security of Department of Defense (DoD) information systems. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil.",
"version": "1",
"vendor": null,
"createdAt": "2025-10-21T11:30:02.295Z",
"updatedAt": "2025-10-23T20:54:52.635Z",
"groups": [
{
"id": 18222,
"benchmarkId": 354,
"groupId": "V-70901",
"title": "SRG-APP-000516",
"description": "",
"ruleId": "SV-85525r1_rule",
"ruleWeight": "10.0",
"ruleSeverity": "medium",
"ruleVersion": "DTOO420",
"ruleTitle": "The ability to store user passwords in Skype must be disabled.",
"ruleVulnDiscussion": "Allows Microsoft Lync to store user passwords. If you enable this policy setting, Microsoft Lync can store a password on request from the user. If you disable this policy setting, Microsoft Lync cannot store a password. If you do not configure this policy setting and the user logs on to a domain, Microsoft Lync does not store the password. If you do not configure this policy setting and the user does not log on to a domain (for example, if the user logs on to a workgroup), Microsoft Lync can store the password. Note: You can configure this policy setting under both Computer Configuration and User Configuration, but the policy setting under Computer Configuration takes precedence.",
"ruleFalsePositives": "",
"ruleFalseNegatives": "",
"ruleDocumentable": "false",
"ruleMitigations": "",
"ruleIdent": "CCI-000366",
"ruleFixText": "Set the policy value for Computer Configuration -> Administrative Templates -> Skype for Business 2016 -> Microsoft Lync Feature Policies \"Allow storage of user passwords\" to \"Disabled\".",
"ruleFixId": "F-77233r1_fix",
"ruleCheckSystem": "C-71345r2_chk",
"ruleCheckContent": "Verify the policy value for Computer Configuration -> Administrative Templates -> Skype for Business 2016 -> Microsoft Lync Feature Policies \"Allow storage of user passwords\" is set to \"Disabled\".\n\nProcedure: Use the Windows Registry Editor to navigate to the following key: \n\nHKLM\\Software\\Policies\\Microsoft\\office\\16.0\\lync\n\nCriteria: If the value savepassword is REG_DWORD = 0, this is not a finding.",
"createdAt": "2025-10-21T11:30:03.731Z",
"updatedAt": "2025-10-21T11:30:03.731Z"
},
{
"id": 18223,
"benchmarkId": 354,
"groupId": "V-70903",
"title": "SRG-APP-000219",
"description": "",
"ruleId": "SV-85527r1_rule",
"ruleWeight": "10.0",
"ruleSeverity": "medium",
"ruleVersion": "DTOO421",
"ruleTitle": "Session Initiation Protocol (SIP) security mode must be configured.",
"ruleVulnDiscussion": "When Lync connects to the server, it supports various authentication mechanisms. This policy allows the user to specify whether Digest and Basic authentication are supported. Disabled (default): NTLM/Kerberos/TLS-DSK/Digest/Basic Enabled: Authentication mechanisms: NTLM/Kerberos/TLS-DSK Gal Download: Requires HTTPS if user is not logged in as an internal user.",
"ruleFalsePositives": "",
"ruleFalseNegatives": "",
"ruleDocumentable": "false",
"ruleMitigations": "",
"ruleIdent": "CCI-001184",
"ruleFixText": "Set the policy value for Computer Configuration -> Administrative Templates -> Skype for Business 2016 -> Microsoft Lync Feature Policies \"Configure SIP security mode\" to \"Enabled\".",
"ruleFixId": "F-77235r1_fix",
"ruleCheckSystem": "C-71347r2_chk",
"ruleCheckContent": "Verify the policy value for Computer Configuration -> Administrative Templates -> Skype for Business 2016 -> Microsoft Lync Feature Policies \"Configure SIP security mode\" is set to \"Enabled\".\n\nProcedure: Use the Windows Registry Editor to navigate to the following key: \n\nHKLM\\Software\\Policies\\Microsoft\\office\\16.0\\lync\n\nCriteria: If the value enablesiphighsecuritymode is REG_DWORD = 1, this is not a finding.",
"createdAt": "2025-10-21T11:30:03.731Z",
"updatedAt": "2025-10-21T11:30:03.731Z"
},
{
"id": 18224,
"benchmarkId": 354,
"groupId": "V-70905",
"title": "SRG-APP-000219",
"description": "",
"ruleId": "SV-85529r1_rule",
"ruleWeight": "10.0",
"ruleSeverity": "medium",
"ruleVersion": "DTOO422",
"ruleTitle": "In the event a secure Session Initiation Protocol (SIP) connection fails, the connection must be restricted from resorting to the unencrypted HTTP.",
"ruleVulnDiscussion": "Prevents from HTTP being used for SIP connection in case TLS or TCP fail.",
"ruleFalsePositives": "",
"ruleFalseNegatives": "",
"ruleDocumentable": "false",
"ruleMitigations": "",
"ruleIdent": "CCI-001184",
"ruleFixText": "Set the policy value for Computer Configuration -> Administrative Templates -> Skype for Business 2016 -> Microsoft Lync Feature Policies \"Disable HTTP fallback for SIP connection\" to \"Enabled\".",
"ruleFixId": "F-77237r1_fix",
"ruleCheckSystem": "C-71349r3_chk",
"ruleCheckContent": "Verify the policy value for Computer Configuration -> Administrative Templates -> Skype for Business 2016 -> Microsoft Lync Feature Policies \"Disable HTTP fallback for SIP connection\" is set to \"Enabled\".\n\nProcedure: Use the Windows Registry Editor to navigate to the following key: \n\nHKLM\\Software\\Policies\\Microsoft\\office\\16.0\\lync\n\nCriteria: If the value disablehttpconnect is REG_DWORD = 1, this is not a finding.",
"createdAt": "2025-10-21T11:30:03.731Z",
"updatedAt": "2025-10-21T11:30:03.731Z"
}
],
"profiles": [
{
"id": 3119,
"benchmarkId": 354,
"profileId": "MAC-1_Classified",
"title": "I - Mission Critical Classified",
"description": "",
"createdAt": "2025-10-21T11:30:03.843Z",
"updatedAt": "2025-10-21T11:30:03.843Z"
},
{
"id": 3120,
"benchmarkId": 354,
"profileId": "MAC-1_Public",
"title": "I - Mission Critical Public",
"description": "",
"createdAt": "2025-10-21T11:30:03.843Z",
"updatedAt": "2025-10-21T11:30:03.843Z"
},
{
"id": 3121,
"benchmarkId": 354,
"profileId": "MAC-1_Sensitive",
"title": "I - Mission Critical Sensitive",
"description": "",
"createdAt": "2025-10-21T11:30:03.843Z",
"updatedAt": "2025-10-21T11:30:03.843Z"
},
{
"id": 3122,
"benchmarkId": 354,
"profileId": "MAC-2_Classified",
"title": "II - Mission Support Classified",
"description": "",
"createdAt": "2025-10-21T11:30:03.843Z",
"updatedAt": "2025-10-21T11:30:03.843Z"
},
{
"id": 3123,
"benchmarkId": 354,
"profileId": "MAC-2_Public",
"title": "II - Mission Support Public",
"description": "",
"createdAt": "2025-10-21T11:30:03.843Z",
"updatedAt": "2025-10-21T11:30:03.843Z"
},
{
"id": 3124,
"benchmarkId": 354,
"profileId": "MAC-2_Sensitive",
"title": "II - Mission Support Sensitive",
"description": "",
"createdAt": "2025-10-21T11:30:03.843Z",
"updatedAt": "2025-10-21T11:30:03.843Z"
},
{
"id": 3125,
"benchmarkId": 354,
"profileId": "MAC-3_Classified",
"title": "III - Administrative Classified",
"description": "",
"createdAt": "2025-10-21T11:30:03.843Z",
"updatedAt": "2025-10-21T11:30:03.843Z"
},
{
"id": 3126,
"benchmarkId": 354,
"profileId": "MAC-3_Public",
"title": "III - Administrative Public",
"description": "",
"createdAt": "2025-10-21T11:30:03.843Z",
"updatedAt": "2025-10-21T11:30:03.843Z"
},
{
"id": 3127,
"benchmarkId": 354,
"profileId": "MAC-3_Sensitive",
"title": "III - Administrative Sensitive",
"description": "",
"createdAt": "2025-10-21T11:30:03.843Z",
"updatedAt": "2025-10-21T11:30:03.843Z"
}
]
}