UCF STIG Viewer Logo

The BES must be configured to accept only trusted connections to back-office enclave application or web push servers. Push servers are set up to push content to BlackBerry users (e.g., Remedy ticket notification system).


Overview

Finding ID Version Rule ID IA Controls Severity
V-19201 WIR1315-03 SV-21090r2_rule ECSC-1 Low
Description
Only authorized servers should be able to push content to BlackBerry devices.
STIG Date
BlackBerry Enterprise Server, Part 2 Security Technical Implementation Guide 2012-10-01

Details

Check Text ( C-23137r2_chk )
Verify the site has configured the BES to require trusted connections to push enclave application or web servers, using the following procedure.

-On the BAS, go to Servers and components > BlackBerry Solution topology > BlackBerry Domain > MDS Connection Service.
-Click Edit components.
-Click the HTTPS tab.
-Verify Allow Untrusted Servers is set to “No”.
-Click the TLS tab.
-Verify Allow Untrusted Servers is set to “No”.

Mark as a finding if any of these settings are not correct.

Verify a keystore file has been set up (webserver.keystore) at the following location on the BES: :\Program Files\Research In Motion\BlackBerry Enterprise Server\MDS\webserver. Look for the keystore file.
- Mark as a finding if the keystore file is not found.
Fix Text (F-23374r1_fix)
The BES must be configured to accept only trusted connections to back-office enclave application or web push servers.