The BlackBerry Administration Server (BAS) must be configured for Active Directory authentication with a CTO 07-15Rev1 compliant administrator password.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-22102 | WIR1355-01 | SV-25547r3_rule | Medium |
| Description |
|---|
| The BAS provides the administrator interface for the BES. CTO 07-15Rev1 requires administrator accounts use either CAC authentication or use complex passwords to ensure storing access control is enforced. |
| STIG | Date |
|---|---|
| BlackBerry Enterprise Server (version 5.x), Part 2 Security Technical Implementation Guide | 2016-09-08 |
Details
| Check Text ( C-27032r3_chk ) |
|---|
| Verify the BAS is configured to require Active Directory authentication for system administrators and users. To verify Active Directory Authentication is enabled, use the following procedure: Launch the BlackBerry Administration Service. On the Servers and components menu, expand BlackBerry Solution Topology >> BlackBerry Domain >> Component view. Click "BlackBerry Administration Service". Click on the "Microsoft Active Directory authentication" tab. Verify username, password, and user domain fields have been entered for the BAS Active Directory account. Note: It is recommended that Single Sign-On Authentication also be selected on the Microsoft Active Directory authentication tab, but this may not be possible for all BES installations. |
| Fix Text (F-23383r2_fix) |
|---|
| Set up the BAS for Active Directory authentication. |