Check: BBDS-00-000310
BBDS10 2 X STIG:
BBDS-00-000310
(in version v1 r5)
Title
The key store password for the certificate that the BlackBerry Administration Service (BAS) and BlackBerry Web Desktop Manager (BWDM) use must be changed from the default. (Cat II impact)
Discussion
The key store password protects the server digital authentication certificates from unauthorized use.
Check Content
When the BlackBerry Administration Service is installed, the setup application generates a password for the web.keystore file. The web.keystore file stores the SSL certificate that the BlackBerry Administration Service uses to authenticate with browsers. You can change the web.keystore password after the installation process completes. All BlackBerry Administration Service instances in a BlackBerry Device Service domain must use the same web.keystore password. Consult the system administrator to determine if the default password was changed. If the default password has not been changed, this is a finding.
Fix Text
The key store password for the certificate that the BlackBerry Administration Service (BAS) and BlackBerry Web Desktop Manager (BWDM) use must be changed from the default. To change the web.keystore password, use the following procedure:
Before you begin: To verify the current password for the web.keystore file, log in to the BlackBerry Administration Service using an administrator account with the Security Administrator role. Under "Servers and components" on the left side, navigate to "BlackBerry Solution topology > BlackBerry Domain > Component view > BlackBerry Administration Service", and check the "Security settings" section.
1. From the Windows machine with BlackBerry Enterprise Service 10, navigate to "Start > All Programs > BlackBerry Enterprise Service 10" and open "Configuration Tool for BlackBerry Enterprise Service 10".
2. On the "Administration Service - Web.Keystore" tab, type the current password.
3. Type a new password and confirm the new password.
4. Click "OK".
5. In the Windows Services, restart the BlackBerry Administration Service services.
6. Repeat steps 1 to 5 on each computer that hosts a BlackBerry Administration Service instance.
Additional Identifiers
Rule ID:
Vulnerability ID: V-48587
Group Title:
CCIs
Number | Definition |
---|---|
CCI-000186 | The information system, for PKI-based authentication, enforces authorized access to the corresponding private key. |
Controls
Number | Title |
---|---|
IA-5 (2) | PKI-Based Authentication |