UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The BlackBerry Bluetooth Smart Card Reader (SCR) used with site PCs must be compliant with requirements.


Overview

Finding ID Version Rule ID IA Controls Severity
V-19215 WIR1320-01 SV-21104r3_rule Medium
Description
Insecure Bluetooth configuration on the PC could make it vulnerable to compromise via a Bluetooth attack.
STIG Date
BlackBerry Enterprise Server (version 5.x), Part 2 Security Technical Implementation Guide 2016-09-08

Details

Check Text ( C-23152r5_chk )
Detailed Policy Requirements:

When the BlackBerry Bluetooth SCR is used as a PC SCR, the following requirements must be followed:

- Separate BlackBerry Account Groups should be created: One for users that are authorized to use the BlackBerry SCR with their PCs and one for users that are NOT authorized to use the BlackBerry SCR with their PCs.

Check Procedures:
Interview the ISSO and wireless email system administrator.
Determine if use of the BlackBerry SCR with site PCs has been approved.

If Yes, verify the following requirements are met:

- Verify separate BlackBerry Account Groups have been created: One for users that are authorized to use the BlackBerry SCR with their PCs and one for users that are NOT authorized to use the BlackBerry SCR with their PCs (or do not have a BlackBerry SCR).

- In the BAS, under BlackBerry solution management, select Group >> Manage groups.
- Check Group Description and have BES Admin show required user groups.

Note: Recommend two BlackBerry account groups be created:

1. BlackBerry users with a SCR, but not authorized to use the SCR to connect to their PC.
2. BlackBerry users with a SCR and authorized to use the SCR to connect to their PC.
Fix Text (F-23375r1_fix)
Comply with BlackBerry Bluetooth SCR use with site PC requirements.