Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-62481 | CF11-05-000181 | SV-76971r1_rule | Medium |
Description |
---|
A mission critical system is a system that handles data vital to the organization's operational readiness or effectiveness of deployed or contingency forces. A mission critical system must maintain the highest level of integrity and availability. By High Availability (HA) clustering the ColdFusion application server, the hosted application and data are given a platform that is load-balanced and provides high-availability. Most HA clusters consist of two nodes, which is the minimum required for redundancy, but HA clusters can consist of many more nodes. ColdFusion does offer a clustering capability that must be used when the ColdFusion application server is part of a mission critical system. |
STIG | Date |
---|---|
Adobe ColdFusion 11 Security Technical Implementation Guide | 2015-11-02 |
Check Text ( C-63285r1_chk ) |
---|
If ColdFusion is not part of a mission critical system, this requirement is not applicable. Within the Administrator Console, navigate to the "Instance Manager" page under the "Enterprise Manager" menu. Validate that two or more servers have been defined and that the servers are on different hosts. If there are fewer than two servers available or the servers are on the same host, this is a finding. Navigate to the "Cluster Manager" page under the "Enterprise Manager" menu. If there are no clusters defined or any cluster has fewer than two servers in the cluster, this is a finding. |
Fix Text (F-68401r1_fix) |
---|
If ColdFusion is not part of a mission critical system, this requirement is not applicable. Within the Administrator Console, navigate to the "Instance Manager" page under the "Enterprise Manager" menu. Define two or more servers to be part of each cluster. Once the servers are defined for the cluster(s), navigate to the "Cluster Manager" page under the "Enterprise Manager" menu. Define clusters for your mission critical ColdFusion installation. Each defined cluster must contain two or more servers. |