In general, what configuration and deployment steps did you take in implementing COTS and open source products in a secure environment within a DoD network?
If someone can direct me to a white paper on this type of configuration it'd be grately appreciated!
While it's not specific to a DoD network, there's information on steps needed to secure JBoss in the Wiki:
http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureJBoss