The BlackBerry Administration Service must be configured to disable a user from creating an activation password via BWDM.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-22165 | WIR1365-01 | SV-25765r2_rule | ECWN-1 | Low |
| Description |
|---|
| The overall security posture of the BlackBerry system is dependent on strict configuration management controls, including ensuring only authorized BlackBerry devices are being used and authorized devices are provisioned as required. Users must be prohibited from performing the following administrative tasks using the BlackBerry Web Desktop Manager: -Specify an enterprise activation password for a BlackBerry device. -Specify a new device password and lock a device. -Delete all device data and deactivate a device. -Assign a new device to a user account. |
| STIG | Date |
|---|---|
| BlackBerry Enterprise Server, Part 2 Security Technical Implementation Guide | 2012-10-01 |
Details
| Check Text ( C-27175r2_chk ) |
|---|
| Verify the BAS has been configured to disable users from performing administrative tasks on the BES. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution Topology > BlackBerry Domain > Component view. -Click BlackBerry Administration Service. -Click Edit component. -On the BlackBerry Web Desktop Manager Information tab, verify “Allow users to perform self service tasks” is set to No. Mark as a finding if not set as required. |
| Fix Text (F-23385r2_fix) |
|---|
| Configure the BlackBerry Administration Service to disable a user from performing administrative tasks on the BES. |