For those of us unfamiliar with STIG compliance, can you give a reference?
Thanks! Ben > On Mar 10, 2014, at 9:15 AM, Chester Austin <[email protected]> wrote: > > > We're in the process of trying to get our Production server STIG compliant. > The database and OS end seem pretty straight forward. The application end, > however, seems to be more complicated than it needs to be. > > Is there any resources that point to how to handle web development things in > the STIG server requirement? > > How different is the coding practices for STIG and non-STIG? > > For example, a simple CFM might have (minus any frameworks) a <cfquery> on > the top of the page and a <cfoutput> on the bottom of the page. > > Are there different DSN for various security roles a user might be (a regular > user might be one DSN and another user might be another)? Would that be > necessary? > > I can give a more detailed example if necessary, but some guidance on how to > design and implement the various requirements would be a good first step. > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357902 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
