Required version of the BlackBerry Enterprise Server (BES) is installed.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-19191 | WIR1200-02 | SV-21030r5_rule | ECSC-1 | Medium |
| Description |
|---|
| Earlier versions of the BES have security vulnerabilities. JTF GNO IAVA directs all DoD installations upgrade to required version. |
| STIG | Date |
|---|---|
| BlackBerry Enterprise Server, Part 1 Security Technical Implementation Guide | 2011-04-11 |
Details
| Check Text ( C-23118r3_chk ) |
|---|
| Note: This check will change to a CAT I on 1 July 2011. Interview IAO and BlackBerry system administrator. Verify that the BES is one of the required/approved versions. Required/approved versions of the BES are as follows: Prior to 1 July 2011: ***For BES 5: BES 5.0.2 (or later version) ***For BES 4.x: BES 4.1.7 with Maintenance Release 3 and Interim Security Software Update 3 (or later version) BES 4.1.6 with Maintenance Release 8 and Interim Security Software Update 6 (or later version) It is a CAT II finding if BES 4.1.5 or earlier is being used. After 1 July 2011: BES 5.0.2 (or later version) (CAT II finding if BES 5.x is being used but not the listed version or later version.) It is a CAT I finding if BES 4.x is being used since this version is no longer supported by the vendor, From the BlackBerry Manager, select Help to view the version number. |
| Fix Text (F-23357r1_fix) |
|---|
| The BlackBerry Enterprise Server (BES) version is 4.1.6 MR 5 or later. |