STIGQter: STIG Summary: Adobe ColdFusion 11 Security Technical Implementation Guide, Version: 1, Release: 4, Benchmark Date: 26 Jan 2018

ColdFusion must employ approved cryptographic mechanisms to prevent unauthorized disclosure of information and/or detect changes to information during transmission.

DISA Rule

SV-77003r1_rule

Vulnerability Number

V-62513

Group Title

SRG-APP-000440-AS-000167

Rule Version

CF11-05-000197

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Navigate to the "Java and JVM" page under the "Server Settings" menu. Locate the JVM argument coldfusion.enablefipscrypto. If the argument cannot be found, add the argument as -Dcoldfusion.enablefipscrypto=true. If the parameter is defined but set to false, change the setting to true.

Check Contents

Within the Administrator Console, navigate to the "Java and JVM" page under the "Server Settings" menu.

If the JVM argument -Dcoldfusion.enablefipscrypto=true cannot be found or -Dcoldfusion.enablefipscrypto is set to false, this is a finding.
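The same check can be run against the saved JVM arguments instead of the console. This is an added example, not part of the STIG; it assumes the arguments are persisted on a "java.args=" line in ColdFusion's jvm.config file, and the function names and sample file contents are constructed for illustration.

```python
PROP = "coldfusion.enablefipscrypto"

# Constructed sample jvm.config contents (not taken from a real server).
SAMPLE_COMPLIANT = (
    "java.home=/opt/coldfusion11/jre\n"
    "java.args=-server -Xms256m -Xmx512m -Dcoldfusion.enablefipscrypto=true\n"
)
SAMPLE_DISABLED = "java.args=-server -Dcoldfusion.enablefipscrypto=false\n"
SAMPLE_MISSING = "java.args=-server -Xmx512m\n"
# A commented-out line must not count as the argument being set.
SAMPLE_COMMENTED = "#java.args=-Dcoldfusion.enablefipscrypto=true\njava.args=-server\n"
# Conflicting duplicates are flagged rather than resolved by guessing.
SAMPLE_CONFLICT = ("java.args=-Dcoldfusion.enablefipscrypto=true "
                   "-Dcoldfusion.enablefipscrypto=false\n")


def fips_values(config_text):
    """Return every value given to -Dcoldfusion.enablefipscrypto in java.args."""
    values = []
    for line in config_text.splitlines():
        line = line.strip()
        if line.startswith("#"):
            continue
        key, sep, args = line.partition("=")
        if not sep or key.strip() != "java.args":
            continue
        for token in args.split():
            if token == "-D" + PROP:
                values.append("")  # defined without a value
            elif token.startswith("-D" + PROP + "="):
                values.append(token.split("=", 1)[1])
    return values


def check_cf11_05_000197(config_text):
    """Apply the check text: a finding unless the argument is present and true."""
    values = fips_values(config_text)
    if not values:
        return "finding: argument not found"
    # Strict comparison with the literal value the STIG text gives ("true").
    if any(v != "true" for v in values):
        return "finding: argument present but not set to true"
    return "not a finding"
```

To audit a server, pass the text of its jvm.config to check_cf11_05_000197 and confirm the result against the "Java and JVM" page, since the STIG check itself is defined in terms of the Administrator Console.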

Documentable

False

Severity Override Guidance

Within the Administrator Console, navigate to the "Java and JVM" page under the "Server Settings" menu.

If the JVM argument -Dcoldfusion.enablefipscrypto=true cannot be found or -Dcoldfusion.enablefipscrypto is set to false, this is a finding.

Check Content Reference

M

Target Key

2661
