Title

The BES12 server must be configured to disable a users capability to perform self-service tasks. (Cat II impact)

Discussion

The security posture of a BlackBerry device or the DoD BlackBerry service could be compromised if users are able to perform self-service tasks, including activating unauthorized devices. In the DoD environment, strict configuration management of the security posture is required to protect sensitive DoD data and network security. SFR ID: FMT

Check Content

Review the BES12 server configuration to determine if it is configured to disable a user's capability to perform self-service tasks. On the BES12, do the following: 1. Log on to the BES12 console and select the "Settings" tab at the top of the screen. 2. Expand the "General" settings tab on the left pane. 3. Select "Self-Service" from the menu in the left pane. 4. Verify the check box next to "Allow users to access the self-service console" is not checked. If the checkbox next to "Allow users to access the self-service console" is checked, this is a finding.

Fix Text

On the BES12, do the following: 1. Log on to the BES12 console and select the "Settings” tab at the top of the screen. 2. Expand the General settings tab on the left pane. 3. Select Self-Service from the menu in the left pane. 4. Unselect the checkbox next to "Allow users to access the self-service console". 5. Click "Save".

Additional Identifiers

Rule ID: SV-83193r2_rule

Vulnerability ID: V-68703

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.