
V-279033

CAT III (Low)

ColdFusion must not have local users.

Rule ID

SV-279033r1171269_rule

STIG

Adobe ColdFusion Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-000166

Discussion

To maintain accountability and enforce access control policies, ColdFusion must require each user to authenticate using a unique account. Shared or generic accounts prevent the ability to associate user actions with specific individuals, which undermines auditing, accountability, and incident response capabilities. Unique user accounts ensure that each action taken within the ColdFusion environment can be attributed to a specific, identifiable user. This is essential for detecting misuse, investigating anomalies, and ensuring compliance with security policies.

Check Content

Verify there are no local users.

1. From the Admin Console Landing Screen, navigate to Security >> User Manager.

2. For each user, validate "External User" is checked and "User Type" is selected.

If "External User" is not checked and "User Type" is not selected, this is a finding.

Fix Text

Configure External User Accounts:

1. From the Admin Console Landing Screen, navigate to Security >> User Manager.

2. For any user accounts where "External User" is not checked and "User Type" is not selected:

a. Edit the user account (or remove the account if it should not exist).

b. Check the box for "External User".

c. Select the appropriate "User Type".

d. Click "Update User" to save the changes.

e. Verify that no local user accounts remain and that all users are correctly configured as external.