Check: BEMS-00-014000
BlackBerry Enterprise Mobility Server 2.x STIG:
BEMS-00-014000
(in versions v2 r0.1 through v1 r0.1)
Title
If the Mail service (Push Notifications support for BlackBerry Work) is installed on the BlackBerry Enterprise Mobility Server (BEMS), it must be configured to Enable SSL LDAP when using LDAP Lookup for users. (Cat II impact)
Discussion
Preventing the disclosure of transmitted information requires that applications take measures to employ some form of cryptographic mechanism in order to protect the information during transmission. This is usually achieved through the use of Transport Layer Security (TLS) or SSL.
Check Content
This requirement is not applicable if the Mail service (Push Notifications support for BlackBerry Work) is not enabled on BEMS. Verify Enable SSL LDAP for LDAP Lookup for users for the Mail service is configured in BEMS as follows: 1. In the BEMS Dashboard, under "BlackBerry Services Configuration", click "Mail". 2. Click "User Directory Lookup". 3. If the "Enable LDAP Lookup" has been selected, verify the "Enable SSL LDAP" check box is also selected. When LDAP Lookup for user has been configured on BEMS, if Enable SSL LDAP is not configured, this is a finding.
Fix Text
Enable SSL LDAP when using LDAP Lookup for users for the Mail service in BEMS as follows: 1. In the BEMS Dashboard, under "BlackBerry Services Configuration", click "Mail". 2. Click "User Directory Lookup". 3. Select the "Enable LDAP Lookup" check box. 4. Select the "Enable SSL LDAP" check box. 5. Click "Save".
Additional Identifiers
Rule ID: SV-93739r1_rule
Vulnerability ID: V-79033
Group Title: SRG-APP-000516-AS-000237
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000068 |
The information system implements cryptographic mechanisms to protect the confidentiality of remote access sessions. |
Controls
Number | Title |
---|---|
AC-17 (2) |
Protection Of Confidentiality / Integrity Using Encryption |