STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 4 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to JBoss Enterprise Application Platform 6.3 Security Technical Implementation Guide

V-213504

CAT II (Medium)

JBoss must be configured to allow only the ISSM (or individuals or roles appointed by the ISSM) to select which loggable events are to be logged.

Rule ID

SV-213504r960882_rule

STIG

JBoss Enterprise Application Platform 6.3 Security Technical Implementation Guide

Version

V2R6

CCIs

CCI-000171

Discussion

The JBoss server must be configured to select which personnel are assigned the role of selecting which loggable events are to be logged. In JBoss, the role designated for selecting auditable events is the "Auditor" role. The personnel or roles that can select loggable events are only the ISSM (or individuals or roles appointed by the ISSM).

Check Content

Log on to the OS of the JBoss server with OS permissions that allow access to JBoss.
Using the relevant OS commands and syntax, cd to the <JBOSS_HOME>/bin/ folder.
Run the jboss-cli script to start the Command Line Interface (CLI). 
Connect to the server and authenticate.
Run the command:

For a Managed Domain configuration:
"ls host=master/server=<SERVERNAME>/core-service=management/access=authorization/role-mapping=Auditor/include="

For a Standalone configuration:
"ls /core-service=management/access=authorization/role-mapping=Auditor/include="

If the list of users in the Auditors group is not approved by the ISSM, this is a finding.

Fix Text

Obtain documented approvals from ISSM, and assign the appropriate personnel into the "Auditor" role.