I got as far as this http://en.wikipedia.org/wiki/Security_Technical_Implementation_Guide
Then real work called me. Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Mar 10, 2014, at 11:48 AM, Ben <b...@webworldinc.com> wrote: > > For those of us unfamiliar with STIG compliance, can you give a reference? > > Thanks! > > Ben > >> On Mar 10, 2014, at 9:15 AM, Chester Austin <chesteraus...@gmail.com> wrote: >> >> >> We're in the process of trying to get our Production server STIG compliant. >> The database and OS end seem pretty straight forward. The application end, >> however, seems to be more complicated than it needs to be. >> >> Is there any resources that point to how to handle web development things in >> the STIG server requirement? >> >> How different is the coding practices for STIG and non-STIG? >> >> For example, a simple CFM might have (minus any frameworks) a <cfquery> on >> the top of the page and a <cfoutput> on the bottom of the page. >> >> Are there different DSN for various security roles a user might be (a >> regular user might be one DSN and another user might be another)? Would >> that be necessary? >> >> I can give a more detailed example if necessary, but some guidance on how to >> design and implement the various requirements would be a good first step. >> >> > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357903 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm