Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The Blackberry Administration Service must be configured to disable a user from creating an activation password via BWDM. This requirement applies only to BES 5.x.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-22165 | WIR1365-01 | SV-25765r3_rule | ECWN-1 | Low |
| Description |
|---|
| The overall security posture of the Blackberry system is dependent on strict configuration management controls, including ensuring only authorized Blackberry devices are being used and authorized devices are provisioned as required. Users must be prohibited from performing the following administrative tasks using the BlackBerry Web Desktop Manager: -Specify an enterprise activation password for a BlackBerry device -Specify a new device password and lock a device -Delete all device data and deactivate a device -Assign a new device to a user account |
| STIG | Date |
|---|---|
| BlackBerry Enterprise Server, Part 2 Security Technical Implementation Guide | 2011-09-30 |
Details
| Check Text ( C-27175r2_chk ) |
|---|
| Verify the BAS has been configured to disable users from performing administrative tasks on the BES. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution Topology > BlackBerry Domain > Component view. -Click BlackBerry Administration Service. -Click Edit component. -On the BlackBerry Web Desktop Manager information tab, verify “Allow users to perform self service tasks” is set to No. Mark as a finding if not set as required. |
| Fix Text (F-23385r2_fix) |
|---|
| Configure the Blackberry Administration Service to disable a user from performing administrative tasks on the BES. |