STIGQter: STIG Summary: Adobe ColdFusion 11 Security Technical Implementation Guide Version: 1 Release: 4 Benchmark Date: 26 Jan 2018:

ColdFusion log records must be off-loaded onto a different system or media from the system being logged.

DISA Rule

SV-76879r1_rule

Vulnerability Number

V-62389

Group Title

SRG-APP-000358-AS-000064

Rule Version

CF11-02-000065

Severity

CAT II

CCI(s)

• CCI-001851 - The information system off-loads audit records per organization-defined frequency onto a different system or media than the system being audited.

Weight

10

Fix Recommendation

Configure a scheduled task or log management application to store the log files to another system or media.

Check Contents

Locate the log file directory by viewing the "Log directory" setting within the "Logging Settings" page under the "Debugging & Logging" menu. Have the administrator show the scheduled task or log management application that accesses this directory and stores the log files to another system or media.

If the administrator cannot demonstrate that the log files are being stored to another system or media, this is a finding.

Vulnerability Number

V-62389

Documentable

False

Rule Version

CF11-02-000065

Severity Override Guidance

Locate the log file directory by viewing the "Log directory" setting within the "Logging Settings" page under the "Debugging & Logging" menu. Have the administrator show the scheduled task or log management application that accesses this directory and stores the log files to another system or media.

If the administrator cannot demonstrate that the log files are being stored to another system or media, this is a finding.

Check Content Reference

M

Target Key

2661

Comments