UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

ColdFusion must employ approved cryptographic mechanisms to prevent unauthorized disclosure of information and/or detect changes to information during transmission.


Overview

Finding ID Version Rule ID IA Controls Severity
V-62513 CF11-05-000197 SV-77003r1_rule Medium
Description
Preventing the disclosure or modification of transmitted information requires that application servers take measures to employ approved cryptography in order to protect the information during transmission over the network. This is usually achieved through the use of Transport Layer Security (TLS), SSL VPN, or IPSec tunnel. If data in transit is unencrypted, it is vulnerable to disclosure and modification. If approved cryptographic algorithms are not used, encryption strength cannot be assured. ColdFusion uses the underlying JVM to handle transmission and receiving of data, but ColdFusion does offer to the programmer an encrypt API call to protect the data. This call can use multiple crypto methods, but using FIPS 140-2 is superior to those non-FIPS crypto methods to protect and detect changes to the data. Through JVM arguments set within ColdFusion, the programmer can be forced to only FIPS crypto methods.
STIG Date
Adobe ColdFusion 11 Security Technical Implementation Guide 2017-06-15

Details

Check Text ( C-63317r1_chk )
Within the Administrator Console, navigate to the "Java and JVM" page under the "Server Settings" menu.

If the JVM argument-Dcoldfusion.enablefipscrypto=true cannot be found or -Dcoldfusion.enablefipscrypto is set to false, this is a finding.
Fix Text (F-68433r1_fix)
Navigate to the "Java and JVM" page under the "Server Settings" menu. Locate the JVM argument coldfusion.enablefipscrypto. If the argument cannot be found, add the argument as -Dcoldfusion.enablefipscrypto=true. If the parameter is defined but set to false, change the setting to true.