|Finding ID||Version||Rule ID||IA Controls||Severity|
|Wireless email services are installed on a Windows Server. The server must be compliant with the Windows STIG, SQL STIG, Apache Web Server STIG, and IIS STIG to ensure the system is not vulnerable to attack resulting in a Denial of Service or compromise of the wireless email server.|
|BlackBerry Enterprise Server (version 5.x), Part 1 Security Technical Implementation Guide||2013-03-14|
|Check Text ( C-11534r2_chk )|
| Work with the OS reviewer or check VMS for last review of each host BES computer asset. The review should include the SQL server where the BES database is hosted. The review must also include an Apache Web Server review if BES 5.0 or later is used. (The BlackBerry Administration Service (BAS) on BES 5.x includes an Apache Web Server.) |
Verify there are no outstanding CAT I findings associated with each server.
Note: If IIS is installed on the server, an IIS review must also be performed.
a. IIS is required for the Exchange ESM. If a site uses the new MAPI/CDO Tools from Microsoft, then the IIS is not required. See http://www.microsoft.com/downloads/details.aspx?familyid=E17E7F31-079A-43A9-BFF2-0A110307611E&displaylang=en.
b. IIS is not required for BlackBerry Enterprise Server.
Mark as a finding if CAT I findings are open for the host computer operating system or if an SRR or site self-check was not performed for the host computers.
|Fix Text (F-23359r1_fix)|
|The host server where the BlackBerry Enterprise Server (BES) is installed is hardened in accordance with the appropriate SQL, Apache Web Server, and IIS STIGs when required.|