UCF STIG Viewer Logo

BlackBerry BES 12.5.x MDM Security Technical Implementation Guide


Date Finding Count (9)
2017-06-05 CAT I (High): 0 CAT II (Med): 8 CAT III (Low): 1
STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil.

Available Profiles

Findings (MAC III - Administrative Sensitive)

Finding ID Severity Title
V-68689 Medium The BES12 server must be configured to enable all required audit events: a. Failure to push a new application on a managed mobile device; b. Failure to update an existing application on a managed mobile device.
V-68695 Medium The BES12 server platform must be protected by a DoD-approved firewall.
V-68697 Medium The firewall protecting the BES12 server platform must be configured to restrict all network traffic to and from all addresses with the exception of ports, protocols, and IP address ranges required to support BES12 server and platform functions.
V-68691 Medium The BES12 server must leverage the BES12 Platform user accounts and groups for BES12 server user identification and authentication.
V-68687 Medium The BES12 server must be configured with the Administrator roles: a. MD user b. Server primary administrator c. Security configuration administrator d. Device user group administrator e. Auditor.
V-68693 Medium The BES12 server must initiate a session lock after a 15-minute period of inactivity.
V-68703 Medium The BES12 server must be configured to disable a users capability to perform self-service tasks.
V-68705 Medium The server PKI digital certificate installed on the BES12 Server to support Consoles and BlackBerry Web Services authentication must be a DoD PKI issued certificate. A self-signed certificate will not be used.
V-68685 Low Before establishing a user session, the BES12 server must display an administrator-specified advisory notice and consent warning message regarding use of the BES12 server.