Required security controls used when BlackBerry Wi-Fi is used by the site to connect to a DoD Wi-Fi network. Required security controls are in Table 2, BlackBerry STIG Configuration Tables.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-19224 | WIR1325-01 | SV-21113r3_rule | ECWN-1 | Low |
| Description |
|---|
| If Blackberry Wi-Fi controls are not implemented, DoD data can be compromised. |
| STIG | Date |
|---|---|
| BlackBerry Enterprise Server, Part 2 Security Technical Implementation Guide | 2011-07-14 |
Details
| Check Text ( C-23162r2_chk ) |
|---|
| Ask the BlackBerry system administrator if the site uses BlackBerry Wi-Fi to connect to DoD WLAN. If yes, verify the following actions have occurred: 1. Determine which BlackBerry users have been approved to use BlackBerry Wi-Fi to connect to the DoD WLAN. Ask the IAO or BlackBerry SA for names of site BlackBerry users that have been authorized to use BlackBerry Wi-Fi Service. 2. Verify that these users have been assigned a WLAN Configuration Set (profile). Verify that authorized users have been assigned a WLAN profile as follows (select two or three users to check). For BES 5.0 - On the BAS, in the BlackBerry solution management box, expand “User” and click on “Manage users.” Then, click on “search in the center screen. A list of all users assigned to the BES will be available. - Click the user account to which you want to verify a WLAN profile has been assigned. - Click on the WLAN configuration tab. - Look to see the name of the WLAN configuration (profile) that has been assigned to the user (if any). -Verify each assigned WLAN Configuration Set (profile) is configured as required. The required configuration is listed in Table C-2 of the Blackberry STIG Overview (see procedure below). For BES 4.1.x - In the BlackBerry® Manager, in the left pane, click BlackBerry Domain. - On the All Users tab, double-click the user account to which you want to verify a WLAN profile has been assigned - In the Properties for the user account, click WLAN Configuration. - Double-click WLAN Configuration Sets to see if a WLAN profile has been assigned to the user account. If Yes, write down the name of the profile. If No, mark as a finding. 3. Verify each assigned WLAN Configuration Set (profile) is configured as required. The required configuration is listed in Table C-2 of the Blackberry STIG Overview (see procedure below). Mark as a finding if any user accounts authorized for WLAN do not have a WLAN configuration assigned to the account. The setup of each WLAN Configuration Set on the BES can be viewed as follows: For BES 5.0 - BAS > BlackBerry solution management box > Policy > WLAN configuration > Manage WLAN configurations. - For each listed WLAN configuration that is to be checked, click on the configuration, then click on the WLAN configuration data tab. - Verify rules are set as shown in table C-2 (only rules with “Required” settings need to be verified). For BES 4.1.x - In the BlackBerry Manager, click BlackBerry Domain (left pane). - On the Global tab, click Edit Properties. - Click WLAN Configuration. - In the WLAN Configuration Administration section, double-click WLAN Configuration Sets. - Double-click a profile to check. - In the left pane, click WLAN Settings and check settings with Table C-2. - Verify rules are set as shown in table C.2 (only rules with “Required” settings need to be verified) Mark as a finding if the WLAN profile has not been configured as required. |
| Fix Text (F-23376r1_fix) |
|---|
| Required security controls used when BlackBerry Wi-Fi is used by the site to connect to a DoD Wi-Fi network. |