Free DISA STIG and SRG Library | Vaulted

V-62325

Production JBoss servers must be supported by the vendor.

Finding ID: JBOS-AS-000680
Rule ID: SV-76815r1_rule
Severity: Cat I
CCE: (None)
Group Title: SRG-APP-000456-AS-000266
CCI: CCI-002605
Target Key: (None)
Documentable: No
Discussion

The JBoss product is available as open source; however, the vendor, Red Hat, provides updates, patches, and support for it. It is imperative that patches and updates be applied to JBoss in a timely manner, because many attacks against JBoss focus on unpatched systems. It is critical that support be obtained and made available.

Fix Text

Obtain vendor support from Red Hat.

Check Content

Interview the system admin and have them either show documented proof of current support, or have them demonstrate their ability to access the Red Hat Enterprise Support portal. Verify Red Hat support includes coverage for the JBoss product. If there is no current and active support from the vendor, this is a finding.