UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The BlackBerry Device Service server must be configured to accept only trusted connections to back-office enclave application or web push servers. Push servers are set up to push content to BlackBerry users.


Overview

Finding ID Version Rule ID IA Controls Severity
V-39035 BBDS-00-000300 SV-50840r2_rule Medium
Description
Device authentication is a solution enabling an organization to manage both users and devices. This requirement applies to MDM servers that provide mobile device and user access to network shares, web servers, and other network resources located on the internal enclave (back-office servers, etc.). This connection bypasses user network authentication mechanisms (i.e., CAC authentication). Therefore, the MDM server must allow connections to only back-office network resources that support CAC authentication with the mobile device user. In this case, a trusted connection refers to mutual PKI based authentication between the MDM server and the network server.
STIG Date
BlackBerry Enterprise Service v10.1.x BlackBerry Device Service STIG 2014-10-06

Details

Check Text ( C-46478r4_chk )
Verify the site has configured the BDS to require trusted connections to push enclave applications or web servers, using the following procedure.

Log into BlackBerry Administration Service, and under "Servers and components" on the left side of the screen, navigate to "'BlackBerry Solution topology > BlackBerry Domain > Component view > MDS Connection Service > ".
- On the "Instance information" tab, click "Edit instance".
- In the "Access control" section, verify "Push authentication:" is set to "Yes".

If not set as required, this is a finding.
Fix Text (F-43991r1_fix)
Configure the BlackBerry Device Service server to push content to BlackBerry devices.