Yeah, that's as far as I got also. For reference, here are a few links I found. I apologize if I am not knowledgeable in this, because I'm not. Hence the reason I'm asking.
http://iase.disa.mil/stigs/ - Official (to the extent that it's the first result on Google not about TopGear and has a .mil domain). "The STIGs contain technical guidance to "lock down" information systems/software that might otherwise be vulnerable to a malicious computer attack."

http://www.stigviewer.com/ - Is supposed to be the guidelines in a searchable format. It's fairly recent (as of January 2014).

I don't see anything relating to ColdFusion directly, which makes me question as to whether it's A) applicable or B) under some other naming / category.

> I got as far as this http://en.wikipedia.org/wiki/Security_Technical_Implementation_Guide
>
> Then real work called me.
>
> Wil Genovese
> Sr. Web Application Developer/
> Systems Administrator
> CF Webtools
> www.cfwebtools.com
>
> wilg...@trunkful.com
> www.trunkful.com
>
> On Mar 10, 2014, at 11:48 AM, Ben <b...@webworldinc.com> wrote:
>
> > For those of us unfamiliar with STIG compliance, can you give a reference?
> >
> > Thanks!
> >
> > Ben
> >
> >> On Mar 10, 2014, at 9:15 AM, Chester Austin <chesteraustin@gmail.com> wrote:
> >>
> >> We're in the process of trying to get our Production server STIG compliant. The database and OS end seem pretty straightforward. The application end, however, seems to be more complicated than it needs to be.
> >>
> >> Are there any resources that point to how to handle web development things in the STIG server requirement?
> >>
> >> How different are the coding practices for STIG and non-STIG?
> >>
> >> For example, a simple CFM might have (minus any frameworks) a <cfquery> on the top of the page and a <cfoutput> on the bottom of the page.
> >>
> >> Are there different DSNs for various security roles a user might be (a regular user might be one DSN and another user might be another)? Would that be necessary?
> >>
> >> I can give a more detailed example if necessary, but some guidance on how to design and implement the various requirements would be a good first step.

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357904