Compliance Dashboard

Monitor your organization's adherence to Java security policies and regulatory requirements

/ 100

Needs Improvement

Last assessed: Mar 14, 2026 08:00 UTC

Policies Passing

Policies Failing

Policies Warning

892

Compliant Systems

Non-Compliant Systems

Pending Review

Policy Checks

✓ All production systems running supported Java versions Pass
✗ Critical patches applied within 72 hours of release (enforced by policy agent) Fail — 12 systems overdue
✓ TLS 1.2+ enforced for all Java HTTPS connections Pass
✓ Java Security Manager enabled on application servers Pass
✗ No Java installations older than N-2 quarterly patch cycle Fail — 23 systems
✓ Deserialization filters configured (JEP 290) Pass
! Certificate pinning enforced for internal services Warning — 5 exceptions
✓ JMX remote access disabled or properly secured Pass
✗ All Java keystores use strong encryption (AES-256) Fail — 8 keystores
✓ Signed JAR verification enabled Pass
✓ Java debug ports (JDWP) not exposed in production Pass
✓ Automatic update agent installed and reporting Pass
✗ FIPS 140-2 compliant cryptographic providers only Fail — 4 systems
! Weekly vulnerability scan executed on all systems Warning — 10 missed
✓ Java access logs forwarded to SIEM Pass
✓ End-of-life Java versions removed from all systems Pass
✓ Network egress filtering for Java processes Pass
✓ Security baseline configuration applied (CIS Benchmark) Pass
✓ Java process sandboxing via container/SELinux Pass
✓ Dependency vulnerability scanning (SCA) integrated in CI/CD Pass

Hostname	IP Address	Java Version	Violation	Severity	Days Overdue
srv-web-01	192.168.1.10	8u412	Critical patch overdue	Critical	4
srv-web-02	192.168.1.11	8u412	Critical patch overdue	Critical	4
srv-app-01	192.168.2.20	11.0.24	Patch N-3 cycle behind	High	32
srv-app-02	192.168.2.21	11.0.24	Weak keystore encryption	High	15
srv-batch-01	192.168.3.30	17.0.12	FIPS provider missing	Medium	22
srv-dev-01	192.168.4.40	8u402	Patch N-3 cycle behind	Medium	60
srv-mon-01	192.168.5.50	17.0.13	Certificate pin exception	Low	8

1. Immediately patch app-prod-web-03 and app-prod-web-07

These production web servers are running Java 8u412 with 3 critical CVEs. Apply JSU-2025-0198 during the next available maintenance window. Estimated downtime: 5 minutes per server.
2. Upgrade svc-payment-01 to Java 11.0.26

Payment service is 3 quarterly cycles behind. Schedule coordinated upgrade with the payments team. Requires regression testing against PCI DSS transaction flows.
3. Replace weak keystore encryption on svc-auth-02

Migrate from JCEKS with 3DES to PKCS12 with AES-256. Coordinate with identity management team for keystore migration and certificate rotation.
4. Install FIPS 140-2 cryptographic provider on batch-etl-05

Deploy the BouncyCastle FIPS provider and update java.security configuration. Required for SOX compliance on financial data processing workloads.
5. Resolve scan schedule gaps for 10 systems

Ensure the update agent is running and configured for weekly scans on all flagged systems. Verify agent health on systems that missed their last scheduled scan through the Java Security Center console.

Compliance reports are available in PDF, CSV, and JSON formats through the Java Security Center console.