ColdFusion must record time stamps for log records that can be mapped system time.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-279077 | SRG-APP-000374-AS-000210 | APAS-CF-000640 | SV-279077r1171570_rule | 2025-12-19 | 1 |
| Description |
|---|
| Using a consistent time standard such as UTC or GMT for the internal clock of ColdFusion is crucial for maintaining accurate and reliable system logs. This consistency is essential for correlating events across different systems and networks, especially in environments where systems are geographically dispersed. If the internal clock is not set to a standard time, it can lead to discrepancies in log files, making it difficult to trace and investigate security incidents. Additionally, using a nonstandard time setting can complicate the synchronization of time-sensitive operations and affect the overall security posture of ColdFusion. Therefore, setting the internal clock to UTC or GMT helps ensure the integrity and reliability of system logs and enhances the ability to detect and respond to security events effectively. |
| ℹ️ Check |
|---|
| Verify JVM Arguments for Time zone. From the Admin Console Landing Screen, navigate to Server Settings >> Java and JVM. If the JVM argument -"Duser.timezone=<TIMEZONE>" cannot be found , this is a finding. |
| ✔️ Fix |
|---|
| Configure JVM Arguments for Time zone. 1. From the Admin Console Landing Screen, navigate to Server Settings >> Java and JVM. 2. Add the argument as: "Duser.timezone=<TIMEZONE>" (If the parameter is already defined, change the setting to "<TIMEZONE>".) 3. Select "Submit Changes". |