Title

If the Mail service (Push Notifications support for BlackBerry Work) is installed on the BlackBerry Enterprise Mobility Server (BEMS), it must be configured to Enable SSL LDAP for certificate directory lookup. (Cat II impact)

Discussion

Preventing the disclosure of transmitted information requires that applications take measures to employ some form of cryptographic mechanism in order to protect the information during transmission. This is usually achieved through the use of Transport Layer Security (TLS) or SSL.

Check Content

This requirement is not applicable if the Mail service (Push Notifications support for BlackBerry Work) is not enabled on BEMS. Verify Enable SSL LDAP for LDAP Lookup for certificates for the Mail service is configured in BEMS as follows: 1. In the BEMS Dashboard, under BlackBerry Services Configuration, click mail and then click Certificate Directory Lookup 2. If the Enable LDAP Lookup has been selected, verify the Enable SSL LDAP check box is also selected. When LDAP Lookup for certificates has been configured on BEMS, if Enable SSL LDAP is not configured, this is a finding.

Fix Text

Enable SSL LDAP when using LDAP Lookup for certificates for the Mail service in BEMS as follows: 1. In the BEMS Dashboard, under "BlackBerry Services Configuration", click "Mail". 2. Click "Certificate Directory Lookup". 3. Select the "Enable LDAP Lookup" check box. 4. Select the "Enable SSL LDAP" check box. 5. Click "Save".

Additional Identifiers

Rule ID: SV-93741r1_rule

Vulnerability ID: V-79035

Group Title: SRG-APP-000516-AS-000237

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.