An error occurred:

Check: BEMS-03-014800

BlackBerry Enterprise Mobility Server 3.x STIG: BEMS-03-014800 (in versions v1 r2 through v1 r1)

Title

The BlackBerry Enterprise Mobility Server (BEMS) server must be configured to enable FIPS mode. (Cat II impact)

Discussion

Encryption is only as good as the encryption modules utilized. Unapproved cryptographic module algorithms cannot be verified and cannot be relied upon to provide confidentiality or integrity, and DOD data may be compromised due to weak algorithms. In addition, the application must be configured to use the FIPS version of all cryptographic algorithms and modules.

Check Content

Verify FIPS Mode is enabled for BEMS. 1. Under BEMS Systems Settings select "BEMS Configuration". 2. Select "FIPS Mode". 3. Confirm "Enable FIPS Mode for Cluster" has been selected. If "Enable FIPS Mode for Cluster" is not selected, this is a finding.

Fix Text

Enable FIPS Mode for BEMS. 1. In the BEMS Dashboard, under "BEMS Configuration", click "FIPS Mode". 2. Check the box "Enable FIPS Mode for Cluster". 3. Click "Save".

Additional Identifiers

Rule ID: SV-254729r879616_rule

Vulnerability ID: V-254729

Group Title: SRG-APP-000179-AS-000129

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000803

The information system implements mechanisms for authentication to a cryptographic module that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
IA-7

Cryptographic Module Authentication