Production JBoss servers must be supported by the vendor.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| --- | --- | --- | --- | --- |
| V-213549 | JBOS-AS-000680 | SV-213549r961683_rule | CCI-002605 | high |

Description

The JBoss product is available as Open Source; however, the Red Hat vendor provides updates, patches and support for the JBoss product. It is imperative that patches and updates be applied to JBoss in a timely manner as many attacks against JBoss focus on unpatched systems. It is critical that support be obtained and made available.

| STIG | Date |
| --- | --- |
| JBoss Enterprise Application Platform 6.3 Security Technical Implementation Guide | 2025-02-20 |

Related Frameworks
5 paths across 3 frameworks
NIST 800-53 (1 mapping)
SI-2
1.00
- DISA · V2R6 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-171 (3 mappings)
3.14.1
1.00
- DISA · V2R6 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
3.14.2
1.00
- DISA · V2R6 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
3.14.3
1.00
- DISA · V2R6 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI (1 mapping)
CCI-002605
1.00
- DISA · V2R6 · disa_xccdf · related
Details
Check Text (C-213549r961683_chk)
Interview the system admin and have them either show documented proof of current support, or have them demonstrate their ability to access the Red Hat Enterprise Support portal.
Verify Red Hat support includes coverage for the JBoss product.
If there is no current and active support from the vendor, this is a finding.
Fix Text (F-14770r296314_fix)
Obtain vendor support from Red Hat.