UCF STIG Viewer Logo

BlackBerry Enterprise Mobility Server 2.x Security Technical Implementation Guide


Overview

Date Finding Count (23)
2020-05-15 CAT I (High): 2 CAT II (Med): 21 CAT III (Low): 0
STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Available Profiles



Findings (MAC II - Mission Support Public)

Finding ID Severity Title
V-79023 High The BlackBerry Enterprise Mobility Server (BEMS) must be configured to use HTTPS.
V-79045 High If the BlackBerry Docs service is installed on the BlackBerry Enterprise Mobility Server (BEMS), it must be configured to use SSL for LDAP lookup to connect to the Office Web App Server (e.g., SharePoint).
V-79047 Medium If the BlackBerry Docs service is installed on the BlackBerry Enterprise Mobility Server (BEMS), it must be configured to enable audit logs.
V-79033 Medium If the Mail service (Push Notifications support for BlackBerry Work) is installed on the BlackBerry Enterprise Mobility Server (BEMS), it must be configured to Enable SSL LDAP when using LDAP Lookup for users.
V-79031 Medium If the Mail service (Push Notifications support for BlackBerry Work) is installed on the BlackBerry Enterprise Mobility Server (BEMS), it must be configured to use Windows Integrated Authentication for the Exchange connection.
V-79009 Medium The BlackBerry Enterprise Mobility Server (BEMS) platform must be protected by a DoD-approved firewall.
V-79037 Medium If the BlackBerry Connect service is installed on the BlackBerry Enterprise Mobility Server (BEMS), it must be configured to use Windows Authentication for the database connection.
V-79035 Medium If the Mail service (Push Notifications support for BlackBerry Work) is installed on the BlackBerry Enterprise Mobility Server (BEMS), it must be configured to Enable SSL LDAP for certificate directory lookup.
V-79015 Medium The BlackBerry Enterprise Mobility Server (BEMS) must protect the confidentiality and integrity of transmitted information through the use of an approved TLS version.
V-79019 Medium The BlackBerry Enterprise Mobility Server (BEMS) must be configured to have at least one user in the following Administrator roles: Server primary administrator, auditor.
V-79039 Medium If the BlackBerry Connect service is installed on the BlackBerry Enterprise Mobility Server (BEMS), it must be configured to enable SSL support for BlackBerry Proxy and use only DoD approved certificates.
V-79011 Medium The firewall protecting the BlackBerry Enterprise Mobility Server (BEMS) must be configured to restrict all network traffic to and from all addresses with the exception of ports, protocols, and IP address ranges required to support BEMS functions.
V-79013 Medium The firewall protecting the BlackBerry Enterprise Mobility Server (BEMS) must be configured so that only DoD-approved ports, protocols, and services are enabled. See the DoD Ports, Protocols, Services Management (PPSM) Category Assurance Levels (CAL) list for DoD-approved ports, protocols, and services.
V-79043 Medium If the BlackBerry Docs service is installed on the BlackBerry Enterprise Mobility Server (BEMS), it must be configured to use NTLM authentication.
V-79027 Medium The BlackBerry Enterprise Mobility Server (BEMS) must be configured with an inactivity timeout of 15 minutes or less.
V-79029 Medium If the Mail service (Push Notifications support for BlackBerry Work) is installed on the BlackBerry Enterprise Mobility Server (BEMS), it must be configured to use Windows Authentication for the database connection.
V-79017 Medium The BlackBerry Enterprise Mobility Server (BEMS) must remove all export ciphers to protect the confidentiality and integrity of transmitted information.
V-79021 Medium The BlackBerry Enterprise Mobility Server (BEMS) must be configured to use Windows Authentication for the database connection.
V-79025 Medium The BlackBerry Enterprise Mobility Server (BEMS) must be configured to use DoD certificates for SSL.
V-79041 Medium If the BlackBerry Docs service is installed on the BlackBerry Enterprise Mobility Server (BEMS), it must be configured to use Windows Authentication for the database connection.
V-79003 Medium The BlackBerry Enterprise Mobility Server (BEMS) must protect log information from any type of unauthorized read access.
V-79007 Medium The BlackBerry Enterprise Mobility Server (BEMS) must protect log information from unauthorized deletion.
V-79005 Medium The BlackBerry Enterprise Mobility Server (BEMS) must protect log information from unauthorized modification.