UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The BlackBerry Administration Service must be configured to disable a user from creating an activation password via BWDM.


Overview

Finding ID Version Rule ID IA Controls Severity
V-22165 WIR1365-01 SV-25765r2_rule ECWN-1 Low
Description
The overall security posture of the BlackBerry system is dependent on strict configuration management controls, including ensuring only authorized BlackBerry devices are being used and authorized devices are provisioned as required. Users must be prohibited from performing the following administrative tasks using the BlackBerry Web Desktop Manager: -Specify an enterprise activation password for a BlackBerry device. -Specify a new device password and lock a device. -Delete all device data and deactivate a device. -Assign a new device to a user account.
STIG Date
BlackBerry Enterprise Server, Part 2 Security Technical Implementation Guide 2012-10-01

Details

Check Text ( C-27175r2_chk )
Verify the BAS has been configured to disable users from performing administrative tasks on the BES.

In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution Topology > BlackBerry Domain > Component view.

-Click BlackBerry Administration Service.
-Click Edit component.
-On the BlackBerry Web Desktop Manager Information tab, verify “Allow users to perform self service tasks” is set to No.

Mark as a finding if not set as required.
Fix Text (F-23385r2_fix)
Configure the BlackBerry Administration Service to disable a user from performing administrative tasks on the BES.