?
Solved

NIST, CIS & SANS hardening guides for JBOSS, Weblogic, Websphere, IIS

Posted on 2016-07-20
1
Medium Priority
?
1,171 Views
Last Modified: 2016-07-27
0
Comment
Question by:sunhux
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 64

Accepted Solution

by:
btan earned 2000 total points
ID: 41721259
jboss -
there are no published CIS benchmarks for Red Hat JBoss Web Server (Tomcat or Apache). There are CIS benchmarks available for community version of Tomcat 5/6.x and Apache 2.2, however, those reports would not be accurate reflections of the Red Hat JBoss Web Server components.
https://access.redhat.com/solutions/1451973

if it is jboss app server - closer found is nist Checklist Details for JBoss Enterprise Application Platform (EAP) 5.x @ https://web.nvd.nist.gov/view/ncp/repository/checklistDetail?id=430

another disa STIG (Red Hat JBoss Enterprise Application Platform (EAP) 6.3 STIG Version 1, Release 1) @ http://iase.disa.mil/stigs/app-security/app-servers/Pages/jboss.aspx


Websphere - nist (BEA WebLogic Server 7.0 sp6 Sun JRE 5.0 Update 4 ) Checklist Details for Application Services STIG Checklist Version 1 Release 1.1 @ https://web.nvd.nist.gov/view/ncp/repository/checklistDetail?id=365


Weblogic - nist Checklist Details for Oracle WebLogic Server 12c STIG Ver 1, Rel 2  @ https://web.nvd.nist.gov/view/ncp/repository/checklistDetail?id=670

disa STIG (Oracle WebLogic Server 12c STIG - Ver 1, Rel 2) @ http://iase.disa.mil/stigs/app-security/app-servers/Pages/general.aspx


iis - nist version is latest to Checklist Details for CIS Microsoft IIS 8 Benchmark 1.4.0 @ https://web.nvd.nist.gov/view/ncp/repository/checklistDetail?id=613
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is written by John Gates, CISSP. Gates, the SNUG President-Elect, currently holds the position of Manager of Information Systems at Lake Park High School in Roselle, Illinois.
Ever wonder what it's like to get hit by ransomware? "Tom" gives you all the dirty details first-hand – and conveys the hard lessons his company learned in the aftermath.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses
Course of the Month13 days, 13 hours left to enroll

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question