Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The BES must be configured to accept only trusted connections to back-office enclave application or web push servers. Push servers are set up to push content to BlackBerry users (e.g., Remedy ticket notification system).
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-19201 | WIR1315-03 | SV-21090r3_rule | Low |
| Description |
|---|
| Only authorized servers should be able to push content to BlackBerry devices. |
| STIG | Date |
|---|---|
| BlackBerry Enterprise Server (version 5.x), Part 2 Security Technical Implementation Guide | 2016-09-08 |
Details
| Check Text ( C-23137r3_chk ) |
|---|
| Verify the site has configured the BES to require trusted connections to push enclave application or web servers, using the following procedure: -On the BAS, go to Servers and components >> BlackBerry Solution topology >> BlackBerry Domain >> MDS Connection Service. -Click "Edit components". -Click the "HTTPS" tab. -Verify "Allow Untrusted Servers" is set to "No". -Click the "TLS" tab. -Verify "Allow Untrusted Servers" is set to "No". If any of these settings are not correct, this is a finding. Verify a keystore file has been set up (webserver.keystore) at the following location on the BES: - If the keystore file is not found, this is a finding. |
| Fix Text (F-23374r1_fix) |
|---|
| The BES must be configured to accept only trusted connections to back-office enclave application or web push servers. |