| V-14021 ||High ||Only the BlackBerry Enterprise Server (BES) email solution is used. || If the required BlackBerry system is not used, DoD networks are at risk of being penetrated or DoD data could be exposed. |
| V-11870 ||High ||Onset Technologies METAmessage software must not be installed on DoD BlackBerry devices or on the BES.
||Onset Technologies METAmessage software is production software which may introduce a virus or other malicious code on the system. This software is not approved for use on DoD systems. |
| V-19191 ||High ||Required version of the BlackBerry Enterprise Server (BES) must be installed. ||Earlier versions of the BES have security vulnerabilities. CYBERCOM IAVA directs all DoD installations upgrade to required version due to RIM ending support for version 4.1.6 and 4.1.7 as of 2 July 2011. |
| V-14199 ||Medium ||Any services installed with the BES (for example IIS, SQL, Apache Web Server, etc.) must be reviewed for STIG compliance in accordance with the appropriate SQL, Apache Web Server, or IIS STIGs. ||The server must be compliant with the SQL STIG, Apache Web Server STIG, and/or IIS STIG to ensure the system is not vulnerable to attack resulting in a Denial of Service or compromise of the... |