STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to JBoss Enterprise Application Platform 6.3 Security Technical Implementation Guide

V-213550

CAT I (High)

The JRE installed on the JBoss server must be kept up to date.

Rule ID

SV-213550r961683_rule

STIG

JBoss Enterprise Application Platform 6.3 Security Technical Implementation Guide

Version

V2R6

CCIs

CCI-002605

Discussion

The JBoss product is available as Open Source; however, the Red Hat vendor provides updates, patches and support for the JBoss product. It is imperative that patches and updates be applied to JBoss in a timely manner as many attacks against JBoss focus on unpatched systems. It is critical that support be obtained and made available.

Check Content

Interview the system admin and obtain details on their patch management processes as it relates to the OS and the Application Server.

If there is no active, documented patch management process in use for these components, this is a finding.

Fix Text

Configure the operating system and the application server to use a patch management system or process that ensures security-relevant updates are installed within the time period directed by the ISSM.