
Only the BlackBerry Enterprise Server (BES) email solution is used.


Overview

| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-14021 | WIR1200-01 | SV-14632r7_rule | ECSC-1 | High |
Description
If the required BlackBerry system is not used, DoD networks are at risk of being penetrated or DoD data could be exposed.
| STIG | Date |
|---|---|
| BlackBerry Enterprise Server, Part 1 Security Technical Implementation Guide | 2011-09-30 |

Details

Check Text ( C-11486r7_chk )
Detailed Policy Requirements:

Only the BlackBerry Enterprise Server (BES) email solution must be used in the DoD. The BlackBerry Desktop Redirector, BlackBerry Connect, BlackBerry Express, and BlackBerry Professional Services Software are not authorized for use.

Note: The purpose of this requirement is to ensure a STIG-compliant IT policy is enforced on all DoD BlackBerry devices. This requirement applies to the primary (DoD) email account received on the BlackBerry device. All DoD BlackBerry devices must be managed via a STIG-compliant IT policy pushed from a BES.

Required/approved versions of the BES are as follows:

- BES 5.0.2 with Maintenance Release 2 and Interim Security Software Update 2 (or later version)
- BES 4.1.7 with Maintenance Release 3 and Interim Security Software Update 3 (or later version)
- BES 4.1.6 with Maintenance Release 8 and Interim Security Software Update 6 (or later version)

(Note: DoD sites using BES version 4.1.x should upgrade to BES 5 as soon as possible. BES 4.1.x will be unsupported by RIM after June 2011.)

Note: A Designated Approval Authority (DAA) may authorize users to connect BlackBerry devices to additional, secondary email accounts (e.g., Verizon email) based on mission needs. Use the IT Policy rule "Allow Other Message Services" in the "Service Exclusivity" policy group to control connections to secondary email accounts.

Check Procedures:

Interview the IAO and the BlackBerry system administrator.

- Verify that the BES is part of the site’s BlackBerry architecture and the site uses a BES to manage site BlackBerry devices.
- Verify BES Express is not used. Interview the BES admin.
- Determine if the site authorizes users to connect BlackBerry devices to additional, secondary or personal email accounts (e.g., Verizon email, BlackBerry Internet Service (BIS)) based on mission needs. If yes, verify that the DAA (or designee) has approved this service. Ask to see documentation of DAA approval.
Fix Text (F-23356r1_fix)
Only the BlackBerry Enterprise Server (BES) email solution is used.