Title

If the BlackBerry Docs service is installed on the BlackBerry Enterprise Mobility Server (BEMS), it must be configured to use SSL for LDAP lookup to connect to the Office Web App Server (e.g., SharePoint). (Cat I impact)

Discussion

Preventing the disclosure of transmitted information requires that applications take measures to employ some form of cryptographic mechanism in order to protect the information during transmission. This is usually achieved through the use of Transport Layer Security (TLS) or SSL.

Check Content

This requirement is not applicable if the BlackBerry Docs service is not enabled on BEMS. Verify the BlackBerry Docs service is configured to use SSL for LDAP Lookup to connect to the Office Web App Server (e.g., SharePoint) as follows: 1. In the BEMS Dashboard, under "BlackBerry Services Configuration", click "Docs". 2. Click "Settings". 3. Verify "Use SSL for LDAP" is selected. If SSL for LDAP is not enabled for the BlackBerry Docs service, this is a finding.

Fix Text

This requirement is not applicable if the BlackBerry Docs service is not enabled on BEMS. Configure the BlackBerry Docs service to use SSL for LDAP Lookup to connect to the Office Web App Server (e.g., SharePoint) as follows: 1. In the BEMS Dashboard, under "BlackBerry Services Configuration", click "Docs". 2. Click "Settings". 3. Select the "Enable Kerberos Constrained Delegation" check box to allow Docs to use Kerberos constrained delegation. 4. Enter each of the Microsoft SharePoint Online domains you plan to make available. 5. Enter the URL for your approved Office Web App Server. 6. Provide your Microsoft Active Directory user domains (separated by commas) and then enter the corresponding LDAP Port. 7. Select the "Use SSL for LDAP" check box. 8. Click "Save".

Additional Identifiers

Rule ID: SV-93751r1_rule

Vulnerability ID: V-79045

Group Title: SRG-APP-000516-AS-000237

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.