Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-19215 | WIR1320-01 | SV-21104r3_rule | ECWN-1 | Medium |
Description |
---|
Insecure Bluetooth configuration on the PC could make it vulnerable to compromise via a Bluetooth attack. |
STIG | Date |
---|---|
BlackBerry Enterprise Server, Part 2 Security Technical Implementation Guide | 2011-09-30 |
Check Text ( C-23152r3_chk ) |
---|
Detailed Policy Requirements: When the BlackBerry Bluetooth SCR is used as a PC SCR, the following requirements must be followed: - Separate BlackBerry Account Groups should be created: One for users that are authorized to use the RIM BlackBerry SCR with their PCs and one for users that are NOT authorized to use the RIM BlackBerry SCR with their PCs. Check Procedures: Interview the IAO and wireless email system administrator. Determine if use of the Blackberry SCR with site PCs has been approved. If Yes, verify the following requirements are met: - Verify separate BlackBerry Account Groups have been created: One for users that are authorized to use the BlackBerry SCR with their PCs and one for users that are NOT authorized to use the BlackBerry SCR with their PCs (or do not have a BlackBerry SCR). For BES 5.0: o In the BAS, under BlackBerry solution management, select Group > Manage groups o Check Group Description and have BES Admin show required user groups. For BES 4.1.x: o In BlackBerry Manager on the BES, select BlackBerry Domain in the left pane. o Select User Group List tab. o Check Group Description and have BES Admin show required user groups. Note: Recommend two BlackBerry account groups be created: 1. BlackBerry users with a SCR, but not authorized to use the SCR to connect to their PC. 2. BlackBerry users with a SCR and authorized to use the SCR to connect to their PC. |
Fix Text (F-23375r1_fix) |
---|
Comply with BlackBerry Bluetooth SCR use with site PC requirements. |