Title

If the BlackBerry Presence service is installed on the BlackBerry Enterprise Mobility Server (BEMS), it must be configured with the whitelisting control to limit presence subscriptions to only single domain/tenant. (Cat III impact)

Discussion

Whitelisting in Presence subscriptions is used to control which internal and federated environments can be subscribed to. Presence subscriptions should be limited to only DOD environments to control who has access to presence information on DOD users. This is an operational security (OPSEC) issue.

Check Content

This requirement is not applicable if the Presence service is not enabled on BEMS. Verify that Domain whitelisting has been configured. 1. Under the BlackBerry Service Configuration select "Presence". 2. Select "Settings". 3. Confirm "Enable domain whitelisting" has been checked. If "Enable domain whitelisting" is not selected, this is a finding.

Fix Text

Configure Domain Whitelisting for the Presence service. 1. Under the BlackBerry Service Configuration select "Presence". 2. Select "Settings". 3. Confirm "Enable domain whitelisting" has been checked. 4. Click the plus sign and add the domain to whitelist.

Additional Identifiers

Rule ID: SV-254731r879887_rule

Vulnerability ID: V-254731

Group Title: SRG-APP-000516-AS-000237

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.