STIGhubSTIGhub
STIGsSearchCompareAbout

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • VPAT
  • DISA STIG Library
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Adobe ColdFusion Security Technical Implementation Guide

V-279046

CAT III (Low)

ColdFusion must have Central Configuration Server (CCS) disabled.

Rule ID

SV-279046r1171510_rule

STIG

Adobe ColdFusion Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-000381

Discussion

The ColdFusion CCS is a feature used to synchronize configuration settings across multiple ColdFusion instances. Leaving CCS enabled in a production environment especially when it is not actively used introduces unnecessary risk. If improperly secured or misconfigured, CCS can allow unauthorized access to critical configuration settings, leading to configuration drift, exposure of sensitive information, or even system compromise across multiple instances. Disabling CCS when not explicitly required helps reduce the application server's attack surface, ensures tighter control over system configurations, and limits the potential vectors for lateral movement within the environment.

Check Content

Validate CCS is disabled.

From the Admin Console Landing Screen, navigate to Server Settings >> CCS.

If the "CCS Enabled" is "Enabled", this is a finding.

Fix Text

Disable CCS.

1. From the Admin Console Landing Screen, navigate to Server Settings >> CCS.

2. Select "Disabled" on "CCS Enabled" setting.

3. Select "Submit Changes".