ColdFusion must have Central Configuration Server (CCS) disabled.

Severity: low
Group ID: V-279046
Group Title: SRG-APP-000141-AS-000095
Version: APAS-CF-000240
Rule ID: SV-279046r1171510_rule
Date: 2025-12-19
STIG Version: 1
Description
The ColdFusion CCS is a feature used to synchronize configuration settings across multiple ColdFusion instances. Leaving CCS enabled in a production environment, especially when it is not actively used, introduces unnecessary risk. If improperly secured or misconfigured, CCS can allow unauthorized access to critical configuration settings, leading to configuration drift, exposure of sensitive information, or even system compromise across multiple instances. Disabling CCS when not explicitly required helps reduce the application server's attack surface, ensures tighter control over system configurations, and limits the potential vectors for lateral movement within the environment.
ℹ️ Check
Validate that CCS is disabled. From the Admin Console Landing Screen, navigate to Server Settings >> CCS. If the "CCS Enabled" setting is "Enabled", this is a finding.
✔️ Fix
Disable CCS.
1. From the Admin Console Landing Screen, navigate to Server Settings >> CCS.
2. Select "Disabled" for the "CCS Enabled" setting.
3. Select "Submit Changes".