V-279055

CAT I (High)

ColdFusion must be using an enterprise solution for authentication.

Rule ID

SV-279055r1171527_rule

STIG

Adobe ColdFusion Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-000765, CCI-000162, CCI-000164, CCI-001499, CCI-000764, CCI-001953, CCI-001954, CCI-002009, CCI-002010, CCI-002011, CCI-002014, CCI-000172, CCI-000795, CCI-003628

Discussion

If ColdFusion is not integrated with an enterprise authentication solution, the system may rely on unmanaged local accounts that are difficult to monitor, audit, and control. This can lead to inconsistent password policies, outdated or orphaned credentials, and a lack of centralized visibility over user access.

This STIG standard requires using LDAP as the enterprise authentication mechanism. LDAP integration ensures that authentication is managed through a centralized directory, allowing for strong password enforcement, account lifecycle management, role-based access control, and consolidated audit logging. Without LDAP integration, users may circumvent enterprise identity governance policies, increasing the risk of unauthorized access and administrative oversight gaps.

Enterprise authentication also supports incident response and forensic analysis by enabling consistent tracking of user activities across systems. Relying on ColdFusion's internal authentication alone limits these capabilities and weakens the overall security posture. Integrating ColdFusion with an LDAP-based enterprise authentication service ensures alignment with DOD security standards, improves identity management, and reduces the risk of account compromise or privilege escalation.

Satisfies: SRG-APP-000149-AS-000102, SRG-APP-000118-AS-000078, SRG-APP-000120-AS-000080, SRG-APP-000133-AS-000092, SRG-APP-000148-AS-000101, SRG-APP-000391-AS-000239, SRG-APP-000392-AS-000240, SRG-APP-000402-AS-000247, SRG-APP-000403-AS-000248, SRG-APP-000404-AS-000249, SRG-APP-000405-AS-000250, SRG-APP-000495-AS-000220, SRG-APP-000499-AS-000224, SRG-APP-000506-AS-000231, SRG-APP-000163-AS-000111, SRG-APP-000705-AS-000110

Check Content

Verify LDAP is in use.

From the Admin Console Landing Screen, navigate to Security >> Administrator.

If "External Authentication" is set to "NONE", this is a finding.

Fix Text

Configure LDAP.

1. From the Admin Console Landing Screen, navigate to Security >> Administrator >> "External Authentication" tab.

2. Configure LDAP:
- Select the "LDAP" option.
- Click "Edit LDAP Configuration".
- Enter LDAP Details.
- Click "SAVE".

3. If the connection is verified, click "Submit Changes".