STIGQter: STIG Summary: BlackBerry Enterprise Mobility Server 2.x Security Technical Implementation Guide

Version: 1

Release: 2

Benchmark Date: 25 Jan 2019

| Name | Title |
| --- | --- |
| SV-93709r1_rule | The BlackBerry Enterprise Mobility Server (BEMS) must protect log information from any type of unauthorized read access. |
| SV-93711r1_rule | The BlackBerry Enterprise Mobility Server (BEMS) must protect log information from unauthorized modification. |
| SV-93713r1_rule | The BlackBerry Enterprise Mobility Server (BEMS) must protect log information from unauthorized deletion. |
| SV-93715r1_rule | The BlackBerry Enterprise Mobility Server (BEMS) platform must be protected by a DoD-approved firewall. |
| SV-93717r1_rule | The firewall protecting the BlackBerry Enterprise Mobility Server (BEMS) must be configured to restrict all network traffic to and from all addresses with the exception of ports, protocols, and IP address ranges required to support BEMS functions. |
| SV-93719r1_rule | The firewall protecting the BlackBerry Enterprise Mobility Server (BEMS) must be configured so that only DoD-approved ports, protocols, and services are enabled. See the DoD Ports, Protocols, Services Management (PPSM) Category Assurance Levels (CAL) list for DoD-approved ports, protocols, and services. |
| SV-93721r2_rule | The BlackBerry Enterprise Mobility Server (BEMS) must protect the confidentiality and integrity of transmitted information through the use of an approved TLS version. |
| SV-93723r1_rule | The BlackBerry Enterprise Mobility Server (BEMS) must remove all export ciphers to protect the confidentiality and integrity of transmitted information. |
| SV-93725r1_rule | The BlackBerry Enterprise Mobility Server (BEMS) must be configured to have at least one user in the following Administrator roles: Server primary administrator, auditor. |
| SV-93727r1_rule | The BlackBerry Enterprise Mobility Server (BEMS) must be configured to use Windows Authentication for the database connection. |
| SV-93729r1_rule | The BlackBerry Enterprise Mobility Server (BEMS) must be configured to use HTTPS. |
| SV-93731r1_rule | The BlackBerry Enterprise Mobility Server (BEMS) must be configured to use DoD certificates for SSL. |
| SV-93733r1_rule | The BlackBerry Enterprise Mobility Server (BEMS) must be configured with an inactivity timeout of 15 minutes or less. |
| SV-93735r1_rule | If the Mail service (Push Notifications support for BlackBerry Work) is installed on the BlackBerry Enterprise Mobility Server (BEMS), it must be configured to use Windows Authentication for the database connection. |
| SV-93737r1_rule | If the Mail service (Push Notifications support for BlackBerry Work) is installed on the BlackBerry Enterprise Mobility Server (BEMS), it must be configured to use Windows Integrated Authentication for the Exchange connection. |
| SV-93739r1_rule | If the Mail service (Push Notifications support for BlackBerry Work) is installed on the BlackBerry Enterprise Mobility Server (BEMS), it must be configured to Enable SSL LDAP when using LDAP Lookup for users. |
| SV-93741r1_rule | If the Mail service (Push Notifications support for BlackBerry Work) is installed on the BlackBerry Enterprise Mobility Server (BEMS), it must be configured to Enable SSL LDAP for certificate directory lookup. |
| SV-93743r1_rule | If the BlackBerry Connect service is installed on the BlackBerry Enterprise Mobility Server (BEMS), it must be configured to use Windows Authentication for the database connection. |
| SV-93745r1_rule | If the BlackBerry Connect service is installed on the BlackBerry Enterprise Mobility Server (BEMS), it must be configured to enable SSL support for BlackBerry Proxy and use only DoD approved certificates. |
| SV-93747r1_rule | If the BlackBerry Docs service is installed on the BlackBerry Enterprise Mobility Server (BEMS), it must be configured to use Windows Authentication for the database connection. |
| SV-93749r1_rule | If the BlackBerry Docs service is installed on the BlackBerry Enterprise Mobility Server (BEMS), it must be configured to use NTLM authentication. |
| SV-93751r1_rule | If the BlackBerry Docs service is installed on the BlackBerry Enterprise Mobility Server (BEMS), it must be configured to use SSL for LDAP lookup to connect to the Office Web App Server (e.g., SharePoint). |
| SV-93753r1_rule | If the BlackBerry Docs service is installed on the BlackBerry Enterprise Mobility Server (BEMS), it must be configured to enable audit logs. |