STIGQter: STIG Summary: BlackBerry Enterprise Mobility Server 2.x Security Technical Implementation Guide, Version: 1, Release: 3, Benchmark Date: 24 Jul 2020

The BlackBerry Enterprise Mobility Server (BEMS) must remove all export ciphers to protect the confidentiality and integrity of transmitted information.

DISA Rule

SV-93723r2_rule

Vulnerability Number

V-79017

Group Title

SRG-APP-000439-AS-000274

Rule Version

BEMS-00-011500

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure BEMS to remove all export ciphers.

1. Find the xml file "jetty.xml" located in the BEMS install directory on the BEMS host Windows server.
2. Find the "AllowCiphersSuites" field and remove all cipher suites that are not approved. (See NIST SP 800-53r2 for a list of approved TLS suites.)
3. Save file.
4. Restart the BEMS server.

Check Contents

Verify BEMS has been configured to remove all export ciphers:

1. Find the xml file "jetty.xml" located in the BEMS install directory on the BEMS host Windows server.
2. Find the "AllowCiphersSuites" field.
3. Verify if any export ciphers are listed in the "jetty.xml" file. Verify only approved cipher suites are included. (See NIST SP 800-53r2 for a list of approved TLS suites.)

If BEMS has been configured to use export ciphers, this is a finding.
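
One way to automate the check above, as an added example that is not part of the STIG or of BlackBerry's tooling. The page does not show the layout of "jetty.xml", so the script scans every element and attribute for JSSE-style suite names instead of relying on a fixed structure; the SAMPLE layout and the APPROVED set are constructed assumptions, and export suites are recognized by "_EXPORT" in the suite name.

```python
import re
import xml.etree.ElementTree as ET

# JSSE-style suite names such as TLS_RSA_WITH_AES_128_CBC_SHA.
SUITE_RE = re.compile(r"\b(?:TLS|SSL)_[A-Z0-9_]+\b")

def listed_suites(jetty_xml_text):
    """Suite names in element text and attribute values, in file order.
    The parser drops XML comments, so commented-out suites are not counted."""
    found = []
    for el in ET.fromstring(jetty_xml_text).iter():
        for chunk in (el.text or "", el.tail or "", *el.attrib.values()):
            for name in SUITE_RE.findall(chunk):
                if name not in found:
                    found.append(name)
    return found

def audit(jetty_xml_text, approved):
    """Export suites make this a finding; other unapproved suites are
    reported separately for the reviewer."""
    suites = listed_suites(jetty_xml_text)
    export = [s for s in suites if "_EXPORT" in s]
    unapproved = [s for s in suites if s not in approved and s not in export]
    return {"export": export, "unapproved": unapproved, "finding": bool(export)}

# Constructed sample: the element layout is an assumption, not BEMS's real file.
SAMPLE = """<Configure>
  <Set name="AllowCiphersSuites">
    <Array type="String">
      <Item>TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384</Item>
      <Item>SSL_RSA_EXPORT_WITH_RC4_40_MD5</Item>
      <Item>TLS_RSA_WITH_3DES_EDE_CBC_SHA</Item>
      <!-- <Item>TLS_RSA_EXPORT_WITH_DES40_CBC_SHA</Item> -->
    </Array>
  </Set>
</Configure>"""

# Constructed placeholder; take the real list from the reference the STIG names.
APPROVED = {"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}

if __name__ == "__main__":
    print(audit(SAMPLE, APPROVED))
```

On a BEMS host, pass the contents of the real "jetty.xml" and the approved list in place of SAMPLE and APPROVED.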

Documentable

False

Severity Override Guidance

Verify BEMS has been configured to remove all export ciphers:

1. Find the xml file "jetty.xml" located in the BEMS install directory on the BEMS host Windows server.
2. Find the "AllowCiphersSuites" field.
3. Verify if any export ciphers are listed in the "jetty.xml" file. Verify only approved cipher suites are included. (See NIST SP 800-53r2 for a list of approved TLS suites.)

If BEMS has been configured to use export ciphers, this is a finding.

Check Content Reference

M

Target Key

3259
