BlackBerry Web Desktop Manager (BWDM) or Blackberry Desktop Manager (BDM) must be configured as required.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-22058	WIR1095-01	SV-25495r2_rule	ECWN-1	Low

Description
The BWDM provides the capability for users to self provision their BlackBerry, and to synchronize the BlackBerrys to the BES. The BWDM works by providing a web client interface to the BlackBerry database via the BlackBerry Administrative Service (BAS). Users must log into the BAS to access the data service. The BAS is a private web server. CTO 0715rev 1 requires either CAC authentication or a complex 15-character password to log into DoD private web servers. DoD users must use their CAC for authentication to the BAS because they do not know their 256 character AD password.

Description

The BWDM provides the capability for users to self provision their BlackBerry, and to synchronize the BlackBerrys to the BES. The BWDM works by providing a web client interface to the BlackBerry database via the BlackBerry Administrative Service (BAS). Users must log into the BAS to access the data service. The BAS is a private web server. CTO 0715rev 1 requires either CAC authentication or a complex 15-character password to log into DoD private web servers. DoD users must use their CAC for authentication to the BAS because they do not know their 256 character AD password.

STIG	Date
BlackBerry Handheld Device Security Technical Implementation Guide	2012-10-01

Details

Check Text ( C-27007r2_chk )
Detailed Policy Requirement: BDM nor BWDM are required on BlackBerry users desktops, but if either are used, they must meet the following requirements: -For BDM, follow instructions found in USCYBERCOM IAVM Notice 2010-A-0132. If BWDM is used, the BlackBerry Administration Server (BAS) must be configured for Microsoft Active Directory authentication on the BES. Check Procedures: The site can use either BlackBerry Desktop Manager or BlackBerry Web Desktop Manager or neither. Check a sample of BlackBerry user PCs (2-3). If BlackBerry Desktop Manager is used, verify the requirements found in USCYBERCOM IAVM Notice 2010-A-0132 have been followed. If BlackBerry Web Desktop Manager is used, no further action is required since the BES review will verify the BES has been configured for Microsoft Active Directory authentication in check WIR1355-01 (V-22102).

Check Text ( C-27007r2_chk )

Detailed Policy Requirement:

BDM nor BWDM are required on BlackBerry users desktops, but if either are used, they must meet the following requirements:

-For BDM, follow instructions found in USCYBERCOM IAVM Notice 2010-A-0132.

If BWDM is used, the BlackBerry Administration Server (BAS) must be configured for Microsoft Active Directory authentication on the BES.

Check Procedures:

The site can use either BlackBerry Desktop Manager or BlackBerry Web Desktop Manager or neither. Check a sample of BlackBerry user PCs (2-3). If BlackBerry Desktop Manager is used, verify the requirements found in USCYBERCOM IAVM Notice 2010-A-0132 have been followed. If BlackBerry Web Desktop Manager is used, no further action is required since the BES review will verify the BES has been configured for Microsoft Active Directory authentication in check WIR1355-01 (V-22102).

Fix Text (F-23324r1_fix)
Configure BlackBerry Web Desktop Manager (BWDM) for CAC authentication, if used or use approved version of BlackBerry Desktop Manager.