An error occurred:

Check: BEMS-00-013500

BlackBerry Enterprise Mobility Server 2.x STIG: BEMS-00-013500 (in versions v2 r0.1 through v1 r0.1)

Title

The BlackBerry Enterprise Mobility Server (BEMS) must be configured to use HTTPS. (Cat I impact)

Discussion

Preventing the disclosure of transmitted information requires that applications take measures to employ some form of cryptographic mechanism in order to protect the information during transmission to web applications. This is usually achieved through the use of HTTPS.

Check Content

Verify BEMS has been configured to use HTTPS as follows: 1. In the BEMS Dashboard, under "BEMS System Settings", click "BEMS Configuration". 2. Click "BlackBerry Dynamics". 3. In the Protocol drop-down list, verify "HTTPS" is selected. If HTTPS is not configured on BEMS, this is a finding.

Fix Text

Configure BEMS to use HTTPS as follows: 1. In the BEMS Dashboard, under "BEMS System Settings", click "BEMS Configuration". 2. Click "BlackBerry Dynamics". 3. In the Protocol drop-down list, select "HTTPS".

Additional Identifiers

Rule ID: SV-93729r1_rule

Vulnerability ID: V-79023

Group Title: SRG-APP-000516-AS-000237

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000068

Implement cryptographic mechanisms to protect the confidentiality of remote access sessions.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
AC-17(2)

Protection of Confidentiality and Integrity Using Encryption