Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-62369 | CF11-02-000032 | SV-76859r1_rule | Medium |
Description |
---|
Log generation and log records can be generated from various components within the application server. The list of logged events is the set of events for which logs are to be generated. This set of events is typically a subset of the list of all events for which the system is capable of generating log records (e.g., logable events, time stamps, source and destination addresses, user/process identifiers, event descriptions, success/fail indications, filenames involved, and access control or flow control rules invoked). The events occurring must be time-correlated in order to conduct accurate forensic analysis. In addition, the correlation must meet certain tolerance criteria. For instance, DoD may define that the time stamps of different logged events must not differ by any amount greater than ten seconds. It is also acceptable for the application server to utilize an external logging tool that provides this capability. |
STIG | Date |
---|---|
Adobe ColdFusion 11 Security Technical Implementation Guide | 2016-09-21 |
Check Text ( C-63173r1_chk ) |
---|
Determine if ColdFusion is part of a clustered environment by accessing the "Instance Manager" and the "Cluster Manager" settings under the "Enterprise Manager" menu within the Administrator Console. If ColdFusion is not setup in a clustered configuration, this finding is not applicable. Ask the SA if a log record aggregation tool is being used to compile the log records from the ColdFusion application servers within the cluster for storage and review. If the log records are not being aggregated, this is a finding. |
Fix Text (F-68289r1_fix) |
---|
Implement a strategy to aggregate the log data from the ColdFusion application servers within the cluster for system-wide log trail storage and review. |