The Blackberry Administration Service must be configured to disable a user from creating an activation password via BWDM. This requirement applies only to BES 5.x.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-22165 | WIR1365-01 | SV-25765r2_rule | ECWN-1 | Low |
| Description |
|---|
| The overall security posture of the Blackberry system is dependent on strict configuration management controls, including ensuring only authorized Blackberry devices are being used and authorized devices are provisioned as required. When this configuration is not set as required, users may have the capability to activate unauthorized BlackBerry devices. |
| STIG | Date |
|---|---|
| BlackBerry Enterprise Server, Part 2 Security Technical Implementation Guide | 2011-07-14 |
Details
| Check Text ( C-27175r1_chk ) |
|---|
| Verify the BAS has been configured to disable users from creating activation passwords. -BAS > Servers and components > Blackberry solution topology > BlackBerry Domain > Components view > Blackberry Administration service -Select the BlackBerry Web Desktop Manager information tab. -Verify “Allow user self-activation wirelessly” is set to No. Mark as a finding if not set as required. |
| Fix Text (F-23385r1_fix) |
|---|
| The Blackberry Administration Service is configured to disable a user from creating an activation password via BWDM. |