
STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

V-213531

CAT II (Medium)

JBoss KeyStore and Truststore passwords must not be stored in clear text.

Rule ID

SV-213531r981682_rule

STIG

JBoss Enterprise Application Platform 6.3 Security Technical Implementation Guide

Version

V2R6

CCIs

CCI-000196

Discussion

Access to the JBoss Password Vault must be secured, and the password used to unlock it must not be stored in clear text. JBoss EAP provides a specific procedure for producing the masked (encrypted) form of the keystore password; that procedure must be followed so that the password is stored only in its masked form. The administrator must use this procedure to ensure the vault keystore password never appears in the configuration in clear text.

Check Content

The default location for the keystore used by the JBoss vault is the <JBOSS_HOME>/vault/ folder.

If a vault keystore has been created, by default it is the file <JBOSS_HOME>/vault/vault.keystore. The keystore holds a single secret key, with the default alias vault, which is used to encrypt the strings (such as passwords) that the vault stores for JBoss EAP.

Have the system administrator provide the procedure used to mask (encrypt) the keystore password that unlocks the vault keystore.

If the system administrator is unable to demonstrate or provide written process documentation on how to encrypt the keystore password, this is a finding.

Fix Text

Configure the application server to mask the Java keystore password using the procedure described in section 11.13.3, Password Vault System, of the JBoss_Enterprise_Application_Platform-6.3-Administration_and_Configuration_Guide-en-US document.
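As an added example that is not part of the STIG or of JBoss EAP, the following POSIX shell script automates the Check Content above against a standalone.xml: it confirms that the vault's KEYSTORE_PASSWORD option is a MASK- value rather than clear text, and that no other keystore or SSL password attribute in the file is stored outside a ${VAULT::...} expression. The file names, both XML fragments and the MASK- value are constructed for the example; the keytool and vault.sh invocations in the comments use the EAP 6 non-interactive vault options, with placeholder passwords, salt and iteration count that are not taken from the page.

```shell
#!/bin/sh
# Added example for STIG V-213531 (not from the STIG or JBoss EAP). Automates the
# Check Content against an EAP 6.x standalone.xml. Sample files are constructed.
#
# The masking procedure referenced by the Fix Text is done with the EAP 6 vault
# tools, roughly as follows (vault22, 1234abcd, changeit are placeholders):
#   keytool -genseckey -alias vault -storetype jceks -keyalg AES -keysize 128 \
#       -storepass vault22 -keypass vault22 -keystore "$JBOSS_HOME/vault/vault.keystore"
#   "$JBOSS_HOME/bin/vault.sh" --keystore "$JBOSS_HOME/vault/vault.keystore" \
#       --keystore-password vault22 --alias vault --enc-dir "$JBOSS_HOME/vault/" \
#       --iteration 120 --salt 1234abcd --vault-block ssl --attribute password --sec-attr changeit
# vault.sh prints a <vault> block whose KEYSTORE_PASSWORD is a MASK-... value and a
# ${VAULT::ssl::password::1} expression to use instead of the clear-text password.

TMP="${TMPDIR:-/tmp}"
GOOD_FILE="$TMP/stig_v213531_good_$$.xml"
BAD_FILE="$TMP/stig_v213531_bad_$$.xml"
trap 'rm -f "$GOOD_FILE" "$BAD_FILE"' EXIT

# Constructed compliant fragment: masked vault password, SSL password via the vault.
cat >"$GOOD_FILE" <<'EOF'
<server>
  <vault>
    <vault-option name="KEYSTORE_URL" value="${jboss.home.dir}/vault/vault.keystore"/>
    <vault-option name="KEYSTORE_PASSWORD" value="MASK-5dOaAVafCSd"/>
    <vault-option name="KEYSTORE_ALIAS" value="vault"/>
    <vault-option name="SALT" value="1234abcd"/>
    <vault-option name="ITERATION_COUNT" value="120"/>
    <vault-option name="ENC_FILE_DIR" value="${jboss.home.dir}/vault/"/>
  </vault>
  <subsystem xmlns="urn:jboss:domain:web:2.1">
    <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
      <ssl name="https" key-alias="server" password="${VAULT::ssl::password::1}" certificate-key-file="${jboss.server.config.dir}/server.keystore"/>
    </connector>
  </subsystem>
</server>
EOF

# Constructed non-compliant fragment: clear-text vault password plus two clear-text
# keystore passwords (management realm and HTTPS connector).
cat >"$BAD_FILE" <<'EOF'
<server>
  <vault>
    <vault-option name="KEYSTORE_URL" value="${jboss.home.dir}/vault/vault.keystore"/>
    <vault-option name="KEYSTORE_PASSWORD" value="vault22"/>
    <vault-option name="KEYSTORE_ALIAS" value="vault"/>
  </vault>
  <management>
    <security-realms>
      <security-realm name="ManagementRealm">
        <server-identities>
          <ssl>
            <keystore path="server.keystore" keystore-password="changeit"/>
          </ssl>
        </server-identities>
      </security-realm>
    </security-realms>
  </management>
  <subsystem xmlns="urn:jboss:domain:web:2.1">
    <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
      <ssl name="https" key-alias="server" password="changeit" certificate-key-file="${jboss.server.config.dir}/server.keystore"/>
    </connector>
  </subsystem>
</server>
EOF

# vault_password_state FILE: prints "masked", "clear" or "absent"; returns 0 only for "masked".
vault_password_state() {
  pw=$(sed -n 's/.*<vault-option name="KEYSTORE_PASSWORD" value="\([^"]*\)".*/\1/p' "$1")
  if [ -z "$pw" ]; then echo absent; return 1; fi
  case "$pw" in
    MASK-*) echo masked; return 0 ;;
    *)      echo clear;  return 1 ;;
  esac
}

# clear_text_passwords FILE: prints each keystore-password="..." or password="..."
# attribute value that is not a ${VAULT::block::attribute::n} expression.
clear_text_passwords() {
  sed -n -e 's/.*keystore-password="\([^"]*\)".*/\1/p' \
         -e 's/.* password="\([^"]*\)".*/\1/p' "$1" |
    grep -v '^\${VAULT::' || true
}

# stig_v213531_check FILE: prints "compliant" or "finding"; returns 0 or 1 accordingly.
stig_v213531_check() {
  state=$(vault_password_state "$1" || true)   # tolerate non-zero return under set -e
  leaks=$(clear_text_passwords "$1")
  if [ "$state" = masked ] && [ -z "$leaks" ]; then
    echo compliant; return 0
  fi
  echo finding; return 1
}

for f in "$GOOD_FILE" "$BAD_FILE"; do
  printf '%s: %s\n' "$f" "$(stig_v213531_check "$f")"
done
```

Run it against a real configuration by pointing stig_v213531_check at <JBOSS_HOME>/standalone/configuration/standalone.xml (or the domain and host files in a managed domain). A MASK- value only shows that the vault password is masked; the written procedure the Check Content asks for is still required, because the mask is reversible by anyone holding the salt and iteration count in the same <vault> block, so the configuration file itself must also be protected.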