UCF STIG Viewer Logo

The BlackBerry Bluetooth Smart Card Reader (SCR) used with site PCs must be compliant with requirements.


Overview

Finding ID Version Rule ID IA Controls Severity
V-19215 WIR1320-01 SV-21104r2_rule ECWN-1 Medium
Description
Insecure Bluetooth configuration on the PC could make it vulnerable to compromise via a Bluetooth attack.
STIG Date
BlackBerry Enterprise Server, Part 2 Security Technical Implementation Guide 2012-10-01

Details

Check Text ( C-23152r2_chk )
Detailed Policy Requirements:

When the BlackBerry Bluetooth SCR is used as a PC SCR, the following requirements must be
followed:
- Separate BlackBerry Account Groups should be created: One for users that are authorized to use the RIM BlackBerry SCR with their PCs and one for users that are NOT authorized to use the RIM BlackBerry SCR with their PCs.

Check Procedures:
Interview the IAO and wireless email system administrator.
Determine if use of the BlackBerry SCR with site PCs has been approved. If Yes, verify the
following requirements are met:

- Verify separate BlackBerry Account Groups have been created: One for users that are authorized to use the BlackBerry SCR with their PCs and one for users that
are NOT authorized to use the BlackBerry SCR with their PCs (or do not have a BlackBerry SCR).

- In the BAS, under BlackBerry solution management, select Group > Manage groups.
- Check Group Description and have BES Admin show required user groups.

Note: Recommend two BlackBerry account groups be created:
1. BlackBerry users with a SCR, but not authorized to use the SCR to connect to their PC.
2. BlackBerry users with a SCR and authorized to use the SCR to connect to their PC.
Fix Text (F-23375r1_fix)
Comply with BlackBerry Bluetooth SCR use with site PC requirements.