Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-18394 | WIR1335-01 | SV-19929r3_rule | ECWN-1 | Low |
Description |
---|
HTML email and inline images in email can contain malware or links to web sites with malware. |
STIG | Date |
---|---|
BlackBerry Enterprise Server (version 5.x), Part 2 Security Technical Implementation Guide | 2013-03-14 |
Check Text ( C-23186r3_chk ) |
---|
Verify the BES has been configured correctly. BAS > Servers and components > Component view > Email > Messaging tab. Verify “Rich content turned on” is set to “False”. Verify “Automatic downloading of inline images turned on” is set to “False”. Mark as a finding if the BES is not configured as required. Note: The BES configurations described in this check cannot block HTML and RTF formatted email or inline images for BlackBerry devices with BlackBerry handheld software versions earlier than 4.5. |
Fix Text (F-23378r2_fix) |
---|
Configure the BES to: - Convert HTML and RTF formatted email into text format before sending to a BlackBerry smartphone; and - Prevent the BES from sending email messages with inline images to BlackBerry smartphones. |