STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to JBoss Enterprise Application Platform 6.3 Security Technical Implementation Guide

V-213549

CAT I (High)

Production JBoss servers must be supported by the vendor.

Rule ID

SV-213549r961683_rule

STIG

JBoss Enterprise Application Platform 6.3 Security Technical Implementation Guide

Version

V2R6

CCIs

CCI-002605

Discussion

The JBoss product is available as Open Source; however, the Red Hat vendor provides updates, patches and support for the JBoss product. It is imperative that patches and updates be applied to JBoss in a timely manner as many attacks against JBoss focus on unpatched systems. It is critical that support be obtained and made available.

Check Content

Interview the system admin and have them either show documented proof of current support, or have them demonstrate their ability to access the Red Hat Enterprise Support portal.

Verify Red Hat  support includes coverage for the JBoss product.

If there is no current and active support from the vendor, this is a finding.

Fix Text

Obtain vendor support from Red Hat.