UCF STIG Viewer Logo

The BlackBerry Device Service server must enforce the email client S/MIME encryption algorithm to be 3DES or AES256 via centrally managed policy.


Overview

Finding ID Version Rule ID IA Controls Severity
V-48513 BBDS-00-000132 SV-61385r1_rule Medium
Description
Cryptography is only as strong as the encryption modules/algorithms that are employed to encrypt the data. Strong encryption must be used to protect the integrity and confidentiality of the data. In this case the requirement states that S/MIME must utilize a 3DES or AES encryption algorithm.
STIG Date
BlackBerry Enterprise Service v10.2.x BlackBerry Device Service STIG 2015-07-23

Details

Check Text ( C-50849r1_chk )
Review the BlackBerry Device Service server policy configuration to determine whether the encryption algorithms used to encrypt S/MIME protected email messages are 3DES or AES256. If there are multiple policies, they must all be reviewed. Otherwise, this is a finding.
Fix Text (F-52119r1_fix)
Configure the centrally managed BlackBerry Device Service server policy rule to enforce the email client S/MIME encryption algorithm to be 3DES or AES256 via centrally managed policy.

Log into BlackBerry Administration Service, and under "BlackBerry solution management" on the left side of the screen, navigate to "Profiles > Manage email profiles > > Email profile settings" and verify "Allowed content ciphers" is set to "AES (256-bit), or "Triple DES."