We're in the process of trying to get our Production server STIG compliant. The database and OS end seem pretty straightforward. The application end, however, seems to be more complicated than it needs to be.
Are there any resources that point to how to handle web development things in the STIG server requirement? How different are the coding practices for STIG and non-STIG? For example, a simple CFM might have (minus any frameworks) a <cfquery> on the top of the page and a <cfoutput> on the bottom of the page. Are there different DSNs for the various security roles a user might have (a regular user might be one DSN and another user might be another)? Would that be necessary? I can give a more detailed example if necessary, but some guidance on how to design and implement the various requirements would be a good first step.

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357901

