STIGQter: STIG Summary: Adobe ColdFusion 11 Security Technical Implementation Guide Version: 1 Release: 4 Benchmark Date: 26 Jan 2018:

ColdFusion, when part of a mission critical system, must be in a high-availability (HA) cluster.

DISA Rule

SV-76971r1_rule

Vulnerability Number

V-62481

Group Title

SRG-APP-000435-AS-000069

Rule Version

CF11-05-000181

Severity

CAT II

CCI(s)

• CCI-002385 - The information system protects against or limits the effects of organization-defined types of denial of service attacks by employing organization-defined security safeguards.

Weight

10

Fix Recommendation

If ColdFusion is not part of a mission critical system, this requirement is not applicable.

Within the Administrator Console, navigate to the "Instance Manager" page under the "Enterprise Manager" menu. Define two or more servers to be part of each cluster. Once the servers are defined for the cluster(s), navigate to the "Cluster Manager" page under the "Enterprise Manager" menu. Define clusters for your mission critical ColdFusion installation. Each defined cluster must contain two or more servers.

Check Contents

If ColdFusion is not part of a mission critical system, this requirement is not applicable.

Within the Administrator Console, navigate to the "Instance Manager" page under the "Enterprise Manager" menu. Validate that two or more servers have been defined and that the servers are on different hosts.

If there are fewer than two servers available or the servers are on the same host, this is a finding.

Navigate to the "Cluster Manager" page under the "Enterprise Manager" menu.

If there are no clusters defined or any cluster has fewer than two servers in the cluster, this is a finding.

Vulnerability Number

V-62481

Documentable

False

Rule Version

CF11-05-000181

Severity Override Guidance

If ColdFusion is not part of a mission critical system, this requirement is not applicable.

Within the Administrator Console, navigate to the "Instance Manager" page under the "Enterprise Manager" menu. Validate that two or more servers have been defined and that the servers are on different hosts.

If there are fewer than two servers available or the servers are on the same host, this is a finding.

Navigate to the "Cluster Manager" page under the "Enterprise Manager" menu.

If there are no clusters defined or any cluster has fewer than two servers in the cluster, this is a finding.

Check Content Reference

M

Target Key

2661

Comments