STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to JBoss Enterprise Application Platform 6.3 Security Technical Implementation Guide

V-213524

CAT II (Medium)

Any unapproved applications must be removed.

Rule ID

SV-213524r960963_rule

STIG

JBoss Enterprise Application Platform 6.3 Security Technical Implementation Guide

Version

V2R6

CCIs

CCI-000381

Discussion

Extraneous services and applications running on an application server expands the attack surface and increases risk to the application server. Securing any server involves identifying and removing any unnecessary services and, in the case of an application server, unnecessary and/or unapproved applications.

Check Content

Log on to the OS of the JBoss server with OS permissions that allow access to JBoss. 
Using the relevant OS commands and syntax, cd to the <JBOSS_HOME>/bin/ folder. 
Run the jboss-cli script. 
Connect to the server and authenticate. 
Run the command:

ls /deployment

The list of deployed applications is displayed.  Have the system admin identify the applications listed and confirm they are approved applications.

If the system admin cannot provide documentation proving their authorization for deployed applications, this is a finding.

Fix Text

Identify, authorize, and document all applications that are deployed to the application server.  Remove unauthorized applications.