STIGhubSTIGhub
STIGsSearchCompareAbout

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • VPAT
  • DISA STIG Library
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Adobe ColdFusion Security Technical Implementation Guide

V-279097

CAT II (Medium)

ColdFusion must ensure that ColdFusion Package Manager (cfpm) packages are transmitted using encrypted protocols.

Rule ID

SV-279097r1171591_rule

STIG

Adobe ColdFusion Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-002421

Discussion

The cfpm is used to manage various packages and modules that extend the functionality of the ColdFusion server. If these packages are downloaded or transmitted over unencrypted channels, they are susceptible to interception and tampering by malicious actors. This can lead to the introduction of malicious code, unauthorized access, and other security breaches. By ensuring that cfpm packages are transmitted using encrypted protocols, such as HTTPS, the integrity and confidentiality of the packages are maintained. This practice helps protect the server from potential threats and ensures that only trusted and verified packages are installed.

Check Content

Verify Package Manager Settings.

From the Admin Console Landing Screen, navigate to Package Manager >> Settings.

If any Site URL is configured with an "HTTP" , this is a finding.

Fix Text

Configure Package Manager Settings.

1. From the Admin Console Landing Screen, navigate to Package Manager >> Settings.

2. Enter an "HTTPS" entry into each of the Site URL fields.

3. Select "Submit Changes".