UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The BES must be configured to accept only trusted connections to back-office enclave application or web push servers. Push servers are set up to push content to BlackBerry users (e.g., Remedy ticket notification system).


Overview

Finding ID Version Rule ID IA Controls Severity
V-19201 WIR1315-03 SV-21090r3_rule ECSC-1 Low
Description
Only authorized servers should be able to push content to Blackberry devices.
STIG Date
BlackBerry Enterprise Server, Part 2 Security Technical Implementation Guide 2011-09-30

Details

Check Text ( C-23137r2_chk )
Verify that the site has configured the BES to require trusted connections to Push enclave application or web servers, using the following procedure:

For BES 5.0
- On the BAS, go to Servers and components > BlackBerry Solution topology > BlackBerry Domain > MDS Connection Service.
-Click Edit components.
-Click the HTTPS tab.
-Verify Allow untrusted servers is set to “No.”
-Click the TLS tab.
-Verify Allow untrusted servers is set to “No.”

For BES 4.1.x
- In the BlackBerry Manager, click the BlackBerry MDS Connection Service in the left pane.
- On the Connection Service tab, click Edit Properties.
- Click TLS/HTTPS.
- Verify Allow Untrusted HTTPS Connections is set to False.
- Verify Allow Untrusted TLS Connections is set to False.

Mark as a finding if any of these settings are not correct

Verify a keystore file has been set up (webserver.keystore) at the following location on the BES: :\Program Files\Research In Motion\BlackBerry Enterprise Server\MDS\webserver. Look for the keystore file.
- Mark as a finding if the keystore file is not found.
Fix Text (F-23374r1_fix)
The BES must be configured to accept only trusted connections to back-office enclave application or web push servers.