The key store password for the certificate that the BlackBerry Administration Service (BAS) and BlackBerry Web Desktop Manager (BWDM) use must be changed from the default.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-22164	WIR1355-02	SV-25764r3_rule		Low

Description
The key store password protects the server digital authentication certificates from unauthorized use.

STIG	Date
BlackBerry Enterprise Server (version 5.x), Part 2 Security Technical Implementation Guide	2016-09-08

Details

Check Text ( C-27174r3_chk )
Determine if the BAS and BWDM key store password have been changed from the default. The password must meet the requirements of CTO 07-15Rev1: 15 characters in length and the password complexity is a case-sensitive character mix of upper case letters, lower case letters, numbers, and special characters, including at least one of each. Start >> Programs >> BlackBerry Enterprise Server >> BlackBerry server Configuration. On the Administration service – Cacerts keystore tab, check the length of the current password and ask the BES admin if a complex password was used. If either the length or complexity requirements are not met, this is a finding.

Check Text ( C-27174r3_chk )

Determine if the BAS and BWDM key store password have been changed from the default. The password must meet the requirements of CTO 07-15Rev1: 15 characters in length and the password complexity is a case-sensitive character mix of upper case letters, lower case letters, numbers, and special characters, including at least one of each.

Start >> Programs >> BlackBerry Enterprise Server >> BlackBerry server Configuration.

On the Administration service – Cacerts keystore tab, check the length of the current password and ask the BES admin if a complex password was used.

If either the length or complexity requirements are not met, this is a finding.