STIGQter: STIG Summary: JBoss Enterprise Application Platform 6.3 Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:

Production JBoss servers must be supported by the vendor.

DISA Rule

SV-213549r615939_rule

Vulnerability Number

V-213549

Group Title

SRG-APP-000456-AS-000266

Rule Version

JBOS-AS-000680

Severity

CAT I

CCI(s)

• CCI-002605 - The organization installs security-relevant software updates within an organization-defined time period of the release of the updates.

Weight

10

Fix Recommendation

Obtain vendor support from Red Hat.

Check Contents

Interview the system admin and have them either show documented proof of current support, or have them demonstrate their ability to access the Red Hat Enterprise Support portal.

Verify Red Hat support includes coverage for the JBoss product.

If there is no current and active support from the vendor, this is a finding.

Vulnerability Number

V-213549

Documentable

False

Rule Version

JBOS-AS-000680

Severity Override Guidance

Interview the system admin and have them either show documented proof of current support, or have them demonstrate their ability to access the Red Hat Enterprise Support portal.

Verify Red Hat support includes coverage for the JBoss product.

If there is no current and active support from the vendor, this is a finding.

Check Content Reference

M

Target Key

3987

Comments