Check: WIR1325-01
BlackBerry Enterprise Server, Part 2:
WIR1325-01
(in versions v2 r10 through v2 r8)
Title
Required security controls must be used when BlackBerry Wi-Fi is used by the site to connect to a DoD Wi-Fi network. Required security controls are in Table 2, BlackBerry STIG Configuration Tables. (Cat III impact)
Discussion
If BlackBerry Wi-Fi controls are not implemented, DoD data can be compromised.
Check Content
Ask the BlackBerry system administrator if the site uses BlackBerry Wi-Fi to connect to DoD WLAN. If yes, verify the following actions have occurred: 1. Determine which BlackBerry users have been approved to use BlackBerry Wi-Fi to connect to the DoD WLAN. Ask the ISSO or BlackBerry SA for names of site BlackBerry users that have been authorized to use BlackBerry Wi-Fi Service. 2. Verify these users have been assigned a WLAN Configuration Set (profile). Verify that authorized users have been assigned a WLAN profile as follows (select two or three users to check). - On the BAS, in the BlackBerry solution management box, expand "User" and click on "Manage users". Then, click on search in the center screen. A list of all users assigned to the BES will be available. - Click the user account to verify a WLAN profile has been assigned. - Click on the "WLAN configuration" tab. - Look to see the name of the WLAN configuration (profile) that has been assigned to the user (if any). -Verify each assigned WLAN Configuration Set (profile) is configured as required. The required configuration is listed in Table C-2 of the BlackBerry STIG Overview (see procedure below). 3. Verify each assigned WLAN Configuration Set (profile) is configured as required. The required configuration is listed in Table C-2 of the BlackBerry STIG Overview (see procedure below). If any user accounts authorized for WLAN do not have a WLAN configuration assigned to the account, this is a finding. The setup of each WLAN Configuration Set on the BES can be viewed as follows: - BAS >> BlackBerry solution management box >> Policy >> WLAN configuration >> Manage WLAN configurations. - For each listed WLAN configuration to be checked, click on the configuration, then click on the "WLAN configuration data" tab. - Verify rules are set as shown in Table C-2 (only rules with "Required" settings need to be verified). If the WLAN profile has not been configured as required, this is a finding.
Fix Text
Required security controls used when BlackBerry Wi-Fi is used by the site to connect to a DoD Wi-Fi network.
Additional Identifiers
Rule ID: SV-21113r3_rule
Vulnerability ID: V-19224
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |