We just released a 35 page paper on locking down ColdFusion 9. It was written by Pete Freitag. It takes you through several layers of locking down ColdFusion, from the hardware and OS layer all the way to the application layer.
There’s a security issue with ColdFusion 9 related to Solr collections. If you are using Solr collections this is a must.