← Back to Adobe ColdFusion Security Technical Implementation Guide

V-279077

CAT II (Medium)

ColdFusion must record time stamps for log records that can be mapped system time.

Rule ID

SV-279077r1171570_rule

STIG

Adobe ColdFusion Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-001890

Discussion

Using a consistent time standard such as UTC or GMT for the internal clock of ColdFusion is crucial for maintaining accurate and reliable system logs. This consistency is essential for correlating events across different systems and networks, especially in environments where systems are geographically dispersed. If the internal clock is not set to a standard time, it can lead to discrepancies in log files, making it difficult to trace and investigate security incidents. Additionally, using a nonstandard time setting can complicate the synchronization of time-sensitive operations and affect the overall security posture of ColdFusion. Therefore, setting the internal clock to UTC or GMT helps ensure the integrity and reliability of system logs and enhances the ability to detect and respond to security events effectively.

Check Content

Verify JVM Arguments for Time zone.

From the Admin Console Landing Screen, navigate to Server Settings &gt;&gt; Java and JVM.

If the JVM argument -"Duser.timezone=&lt;TIMEZONE&gt;" cannot be found , this is a finding.

Fix Text

Configure JVM Arguments for Time zone.

1. From the Admin Console Landing Screen, navigate to Server Settings &gt;&gt; Java and JVM.

2. Add the argument as:
"Duser.timezone=&lt;TIMEZONE&gt;"
(If the parameter is already defined, change the setting to "&lt;TIMEZONE&gt;".)

3. Select "Submit Changes".