The BlackBerry Bluetooth Smart Card Reader (SCR) used with site PCs must be compliant with requirements.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-19215	WIR1320-01	SV-21104r3_rule	ECWN-1	Medium

Description
Insecure Bluetooth configuration on the PC could make it vulnerable to compromise via a Bluetooth attack.

STIG	Date
BlackBerry Enterprise Server, Part 2 Security Technical Implementation Guide	2011-04-11

Details

Check Text ( C-23152r3_chk )
Detailed Policy Requirements: When the BlackBerry Bluetooth SCR is used as a PC SCR, the following requirements must be followed: - Separate BlackBerry Account Groups should be created: One for users that are authorized to use the RIM BlackBerry SCR with their PCs and one for users that are NOT authorized to use the RIM BlackBerry SCR with their PCs. Check Procedures: Interview the IAO and wireless email system administrator. Determine if use of the Blackberry SCR with site PCs has been approved. If Yes, verify the following requirements are met: - Verify separate BlackBerry Account Groups have been created: One for users that are authorized to use the BlackBerry SCR with their PCs and one for users that are NOT authorized to use the BlackBerry SCR with their PCs (or do not have a BlackBerry SCR). For BES 5.0: o In the BAS, under BlackBerry solution management, select Group > Manage groups o Check Group Description and have BES Admin show required user groups. For BES 4.1.x: o In BlackBerry Manager on the BES, select BlackBerry Domain in the left pane. o Select User Group List tab. o Check Group Description and have BES Admin show required user groups. Note: Recommend two BlackBerry account groups be created: 1. BlackBerry users with a SCR, but not authorized to use the SCR to connect to their PC. 2. BlackBerry users with a SCR and authorized to use the SCR to connect to their PC.

Check Text ( C-23152r3_chk )

Detailed Policy Requirements:

When the BlackBerry Bluetooth SCR is used as a PC SCR, the following requirements must be
followed:
- Separate BlackBerry Account Groups should be created: One for users that are authorized to use the RIM BlackBerry SCR with their PCs and one for users that are NOT authorized to use the RIM BlackBerry SCR with their PCs.

Check Procedures:
Interview the IAO and wireless email system administrator.
Determine if use of the Blackberry SCR with site PCs has been approved. If Yes, verify the
following requirements are met:

- Verify separate BlackBerry Account Groups have been created: One for users that are authorized to use the BlackBerry SCR with their PCs and one for users that
are NOT authorized to use the BlackBerry SCR with their PCs (or do not have a BlackBerry SCR).

For BES 5.0:
o In the BAS, under BlackBerry solution management, select Group > Manage groups
o Check Group Description and have BES Admin show required user groups.

For BES 4.1.x:
o In BlackBerry Manager on the BES, select BlackBerry Domain in the left pane.
o Select User Group List tab.
o Check Group Description and have BES Admin show required user groups.

Note: Recommend two BlackBerry account groups be created:
1. BlackBerry users with a SCR, but not authorized to use the SCR to connect to their PC.
2. BlackBerry users with a SCR and authorized to use the SCR to connect to their PC.

Fix Text (F-23375r1_fix)
Comply with BlackBerry Bluetooth SCR use with site PC requirements.