UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

All user and or group accounts must have an Access Control Rule assigned to the account.


Overview

Finding ID Version Rule ID IA Controls Severity
V-22056 WIR1350-01 SV-25492r3_rule ECWN-1 Medium
Description
The BES MDS Connection Service allows BlackBerry users to search the enclave for files and documents of interest to the user without any authentication requirements to the enclave. Access control requirements of the network can be bypassed.
STIG Date
BlackBerry Enterprise Server (version 5.x), Part 2 Security Technical Implementation Guide 2015-07-02

Details

Check Text ( C-27011r4_chk )
Detailed Policy Requirements:

The BES must be configured so that all network file share access by BlackBerry users has been blocked. A high-level "deny all" Access Control Rule policy must be set up and assigned to each user or group account.

Check Procedures:

Verify all user and group accounts have been assigned an Access Control Rule.

On the BES, do the following:

Select at least 20 user/group accounts at random from different offices/sites.

Go to each selected user/group account: BAS >> BlackBerry solution management >> User >> Manage users >> select user >> Access control rules tab.

Verify each user has been assigned an Access Control Rule. Write down the name of each Access Control Rule assigned to each account (the settings of each rule will be verified in WIR1350-02).

If any user or group account has not been assigned an Access Control Rule, this is a finding.
Fix Text (F-23381r2_fix)
The BES MDS Connection Service will be configured to disable browsing on the enclave for files and documents of interest. Each user and group account is assigned an Access Control Rule.