Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
BBDS-00-000132 | BBDS-00-000132 | BBDS-00-000132_rule | Medium |
Description |
---|
Cryptography is only as strong as the encryption modules/algorithms that are employed to encrypt the data. Strong encryption must be used to protect the integrity and confidentiality of the data. In this case the requirement states that S/MIME must utilize a 3DES or AES encryption algorithm. |
STIG | Date |
---|---|
BlackBerry Device Service 6.2 STIG | 2013-05-03 |
Check Text ( C-BBDS-00-000132_chk ) |
---|
Review the BlackBerry Device Service server configuration to determine whether there is administrative functionality to configure the encryption algorithms used to encrypt S/MIME protected email messages. If this function is not present, this is a finding. The "Allowed Content Ciphers" profile setting specifies the encryption algorithms that a BlackBerry device can use to encrypt S/MIME-protected email messages. IT policy rules can be specified per group or per user. To add an IT policy to a group: 1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Group. 2. Click Manage groups. 3. Click the name of the group. 4. Click Edit group. 5. Click the Policies tab. 6. In the IT policy list, select the IT policy. 7. Click Save all. To add an IT policy to a user account: 1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand User. 2. Click Manage users. 3. Search for a user account. 4. In the search results, select the check box for the user account. 5. In the Add to user configuration list, click Set IT policy. 6. In the IT policy drop-down list, select the IT policy. 7. Click Save. For more details and information, please see the "Setting up device controls" section of the BlackBerry Enterprise Service 10 BlackBerry Device Service, Version: 6.2 Administration Guide. |
Fix Text (F-BBDS-00-000132_fix) |
---|
Configure the centrally managed BlackBerry Device Service server security policy rule to specify the encryption algorithms used to encrypt S/MIME protected email messages with 3DES or AES encryption. |