The BlackBerry Administration Service must be configured to disable a user from creating an activation password via BWDM.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-22165 | WIR1365-01 | SV-25765r3_rule | Low |
| Description |
|---|
| The overall security posture of the BlackBerry system is dependent on strict configuration management controls, including ensuring only authorized BlackBerry devices are being used and authorized devices are provisioned as required. Users must be prohibited from performing the following administrative tasks using the BlackBerry Web Desktop Manager: -Specify an enterprise activation password for a BlackBerry device. -Specify a new device password and lock a device. -Delete all device data and deactivate a device. -Assign a new device to a user account. |
| STIG | Date |
|---|---|
| BlackBerry Enterprise Server (version 5.x), Part 2 Security Technical Implementation Guide | 2016-09-08 |
Details
| Check Text ( C-27175r3_chk ) |
|---|
| Verify the BAS has been configured to disable users from performing administrative tasks on the BES. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution Topology >> BlackBerry Domain >> Component view. Click "BlackBerry Administration Service". Click "Edit component". On the "BlackBerry Web Desktop Manager Information" tab, verify "Allow users to perform self-service tasks" is set to "No". If not set as required, this is a finding. |
| Fix Text (F-23385r2_fix) |
|---|
| Configure the BlackBerry Administration Service to disable a user from performing administrative tasks on the BES. |