UCF STIG Viewer Logo

BlackBerry Enterprise Service v10.1.x BlackBerry Device Service STIG


Overview

Date Finding Count (42)
2013-10-25 CAT I (High): 6 CAT II (Med): 30 CAT III (Low): 6
STIG Description
The BlackBerry Enterprise Service v10.1.x BlackBerry Device Service Security Technical Implementation Guide (STIG) is published as a tool to improve the security of Department of Defense (DoD) information systems. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.letterkenny.FSO.mbx.stig-customer-support-mailbox@mail.mil.

Available Profiles



Findings (MAC III - Administrative Sensitive)

Finding ID Severity Title
BBDS-00-000315 High The BlackBerry Device Service server must use mechanisms for authentication to a cryptographic module meeting the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication.
BBDS-00-002541 High The BlackBerry Device Service server must disable copying data from inside a non-secure data area on a mobile device into the security container via centrally managed policy.
BBDS-00-003177 High The BlackBerry Device Service server must direct all Work Space application traffic through the BlackBerry Device Service server via centrally managed policy.
BBDS-00-000295 High The BlackBerry Device Service server must use organization defined replay-resistant authentication mechanisms for network access to privileged accounts.
BBDS-00-000290 High The BlackBerry Device Service server must require administrators to be authenticated with an individual authenticator prior to using a group authenticator.
BBDS-00-000100 High The BlackBerry Device Service server must implement separation of administrator duties by requiring a specific role be assigned to each administrator account.
BBDS-00-000159 Medium The BlackBerry Device Service server must disable the Bluetooth transfer of Work Space contacts via centrally managed policy.
BBDS-00-000158 Medium The BlackBerry Device Service server must disable the transfer of work messages using Bluetooth MAP without a user prompt via centrally managed policy.
BBDS-00-000305 Medium The BlackBerry Device Service server must support administrator authentication to the server via the Enterprise Authentication Mechanism's authentication.
BBDS-00-000151 Medium The BlackBerry Device Service server must disable the Message Access Profile (MAP) Bluetooth profile via centrally managed policy.
BBDS-00-000152 Medium The BlackBerry Device Service server must disable the Personal Area Networking Profile (PAN) Bluetooth profile via centrally managed policy.
BBDS-00-000155 Medium The BlackBerry Device Service server must disable Bluetooth Discoverable Mode via centrally managed policy.
BBDS-00-000132 Medium If the BlackBerry Device Service server includes a mobile email management capability, the email client S/MIME encryption algorithm must be 3DES or AES. When AES is used, AES-128 bit encryption key length is the minimum requirement; AES-256 is desired.
BBDS-00-000157 Medium The BlackBerry Device Service server must disable the transfer of work messages using Bluetooth MAP via centrally managed policy.
BBDS-00-000156 Medium The BlackBerry Device Service server must disable the transfer of work files using Bluetooth OPP via centrally managed policy.
BBDS-00-000146 Medium The BlackBerry Device Service server must disable the Advanced Audio Distribution Profile (A2DP) Bluetooth profile via centrally managed policy.
BBDS-00-000240 Medium The BlackBerry Device Service server must set the number of uppercase letters in the Work Space password to at least one via centrally managed policy.
BBDS-00-000245 Medium The BlackBerry Device Service server must set the number of numbers in the Work Space password to at least one via centrally managed policy.
BBDS-00-000200 Medium BlackBerry Web Desktop Manager must be configured to permit users to activate new BlackBerry devices only.
BBDS-00-003170 Medium The BlackBerry Device Service server must force the display of a warning banner on the lock screen of the mobile device via centrally managed policy.
BBDS-00-003176 Medium The BlackBerry Device Service server must disable any mobile OS service that connects to a cloud storage server via centrally managed policy.
BBDS-00-003178 Medium The BlackBerry Device Service server must disallow Personal Space applications access to the Work Space network connection via centrally managed policy.
BBDS-00-003179 Medium The BlackBerry Device Service server must have the administrative functionality disallow hyperlinks within Work Space applications from opening within the Personal Space browser application via centrally managed policy.
BBDS-00-003131 Medium The BlackBerry Device Service server must disallow mobile device applications the ability to reset the Work Space lock timer via centrally managed policy.
BBDS-00-000165 Medium The BlackBerry Device Service server must enable Bluetooth 128-bit encryption via centrally managed policy.
BBDS-00-000148 Medium The BlackBerry Device Service server must disable the Phone Book Access Profile (PBAP) Bluetooth profile via centrally managed policy.
BBDS-00-000260 Medium The BlackBerry Device Service server must enable a Work Space password length of eight or more characters via centrally managed policy.
BBDS-00-000160 Medium The BlackBerry Device Service server must enable Bluetooth pairing using a randomly generated passkey size of at least 8 digits via centrally managed policy.
BBDS-00-000275 Medium The BlackBerry Device Service server must be configured to restrict the download of software within the Work Space to DoD-approved sources only (e.g., DoD-operated mobile device application store or BlackBerry Device Service server).
BBDS-00-000270 Medium The BlackBerry Device Service server must set the Work Space inactivity timeout to 15 minutes via centrally managed policy.
BBDS-00-000147 Medium The BlackBerry Device Service server must disable the Audio/Video Remote Control Profile (AVRCP) Bluetooth profile via centrally managed policy.
BBDS-00-000149 Medium The BlackBerry Device Service server must disable the Hands-Free Profile (HFP) Bluetooth profile via centrally managed policy.
BBDS-00-000235 Medium The BlackBerry Device Service server must enable a Work Space password via centrally managed policy.
BBDS-00-000230 Medium The BlackBerry Device Service server must set the number of incorrect password attempts before a data wipe procedure is initiated to 10 via centrally managed policy.
BBDS-00-003160 Medium The BlackBerry Device Service server must disable the mobile device user's access to BlackBerry World for Work Space and only allow access to apps published from BlackBerry Device Service.
BBDS-00-000285 Medium BlackBerry Web Desktop Manager must be configured to disable a user's capability to perform self-service tasks.
BBDS-00-000287 Low The BlackBerry Device Service server must disallow any native applications pertaining to billing via centrally managed policy.
BBDS-00-000310 Low The key store password for the certificate that the BlackBerry Administration Service (BAS) and BlackBerry Web Desktop Manager (BWDM) use must be changed from the default.
BBDS-00-000286 Low BlackBerry Web Desktop Manager must be configured to disable a user's capability to perform a backup or restore of the Work Space.
BBDS-00-000325 Low The server PKI digital certificate installed on the BlackBerry Device Service (BDS) Server to support BlackBerry Administration Service and BlackBerry Web Desktop Manager (BWDM) authentication must be a DoD PKI issued certificate. A self signed certificate will not be used.
BBDS-00-002542 Low The BlackBerry Device Service server must allow only Work Space contacts to be read from a native Personal Space application via centrally managed policy.
BBDS-00-003120 Low The BlackBerry Device Service server must enforce the minimum password length for the Personal Space password to 4 digits via centrally managed policy.