The BlackBerry Administration Server (BAS) must be configured for Active Directory authentication with a CTO 07-15Rev1 compliant administrator password.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-22102 | WIR1355-01 | SV-25547r2_rule | ECWN-1 | Medium |
| Description |
|---|
| The BAS provides the administrator interface for the BES. CTO 07-15Rev1 requires administrator accounts use either CAC authentication or use complex passwords to ensure storing access control is enforced. |
| STIG | Date |
|---|---|
| BlackBerry Enterprise Server, Part 2 Security Technical Implementation Guide | 2012-10-01 |
Details
| Check Text ( C-27032r2_chk ) |
|---|
| Verify the BAS is configured to require Active Directory authentication for system administrators and users. To verify Active Directory Authentication is enabled, use the following procedure. -Launch the BlackBerry Administration Service. On the Servers and components menu, expand BlackBerry Solution Topology > BlackBerry Domain > Component view. -Click BlackBerry Administration Service. -Click on the Microsoft Active Directory authentication tab. -Verify username, password, and user domain fields have been entered for the BAS Active Directory account. Note: It is recommended that Single Sign-On Authentication also be selected on the Microsoft Active Directory authentication tab, but this may not be possible for all BES installations. |
| Fix Text (F-23383r2_fix) |
|---|
| Set up the BAS for Active Directory authentication. |