STIGQter: STIG Summary: Adobe ColdFusion 11 Security Technical Implementation Guide Version: 1 Release: 4 Benchmark Date: 26 Jan 2018:

ColdFusion logs must, at a minimum, be transferred simultaneously for interconnected systems and transferred weekly for standalone systems.

DISA Rule

SV-76881r1_rule

Vulnerability Number

V-62391

Group Title

SRG-APP-000515-AS-000203

Rule Version

CF11-02-000079

Severity

CAT II

CCI(s)

CCI-001851 - The information system off-loads audit records per organization-defined frequency onto a different system or media than the system being audited.

Weight

Fix Recommendation

Implement a strategy that transfers logs weekly for standalone systems and simultaneously for interconnected systems.

Check Contents

Interview the administrator to determine whether or not ColdFusion logs are transferred to another system weekly for standalone systems and simultaneously for interconnected systems.

If the logs are not transferred weekly for standalone systems and simultaneously for interconnected systems, this is a finding.

Vulnerability Number

V-62391

Documentable

False

Rule Version

CF11-02-000079

Severity Override Guidance

Check Content Reference

Target Key

2661

ColdFusion logs must, at a minimum, be transferred simultaneously for interconnected systems and transferred weekly for standalone systems.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments