UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The BlackBerry Administration Server (BAS) must be configured for Active Directory authentication with a CTO 07-15Rev1 compliant administrator password.


Overview

Finding ID Version Rule ID IA Controls Severity
V-22102 WIR1355-01 SV-25547r2_rule ECWN-1 Medium
Description
The BAS provides the administrator interface for the BES. CTO 07-15Rev1 requires administrator accounts use either CAC authentication or use complex passwords to ensure storing access control is enforced.
STIG Date
BlackBerry Enterprise Server (version 5.x), Part 2 Security Technical Implementation Guide 2014-10-08

Details

Check Text ( C-27032r2_chk )
Verify the BAS is configured to require Active Directory authentication for system administrators and users.

To verify Active Directory Authentication is enabled, use the following procedure.

-Launch the BlackBerry Administration Service. On the Servers and components menu, expand BlackBerry Solution Topology > BlackBerry Domain > Component view.

-Click BlackBerry Administration Service.

-Click on the Microsoft Active Directory authentication tab.

-Verify username, password, and user domain fields have been entered for the BAS Active Directory account.

Note: It is recommended that Single Sign-On Authentication also be selected on the Microsoft Active Directory authentication tab, but this may not be possible for all BES installations.
Fix Text (F-23383r2_fix)
Set up the BAS for Active Directory authentication.