Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-22102 | WIR1355-01 | SV-25547r4_rule | ECWN-1 | Medium |
Description |
---|
The BAS provides the administrator interface for the BES. CTO 07-15Rev1 requires administrator accounts use either CAC authentication or use complex passwords to ensure storing access control is enforced. |
STIG | Date |
---|---|
BlackBerry Enterprise Server, Part 2 Security Technical Implementation Guide | 2011-09-30 |
Check Text ( C-27032r3_chk ) |
---|
Verify the BAS is configured to require Active Directory authentication for system administrators and users. To verify Active Directory Authentication is enabled, use the following procedure: -Launch the BlackBerry Administration Service. On the Servers and components menu, expand BlackBerry Solution Topology > BlackBerry Domain > Component view. -Click BlackBerry Administration Service. -Click on the Microsoft Active Directory authentication tab. -Verify username, password, and user domain fields have been entered for the BAS Active Directory account. Note: It is recommended that Single Sign-On Authentication also be selected on the on the Microsoft Active Directory authentication tab, but this may not be possible for all BES installations. |
Fix Text (F-23383r2_fix) |
---|
Set up the BAS for Active Directory (AD) authentication. |