An error occurred:

BlackBerry Enterprise Server, Part 2 Version Comparison

BlackBerry Enterprise Server (version 5.x), Part 2 Security Technical Implementation Guide

Comparison

There are 1 differences between versions v2 r8 (July 24, 2015) (the "left" version) and v2 r10 (Jan. 26, 2018) (the "right" version).

Check WIR1340-01 was changed between these two versions. Green, underlined text was added, red, struck-out text was removed.

The regular view of the left check and right check may be easier to read.

Text Differences

Title

BlackBerry accounts must not be assigned to the default IT policy installed on the BES or any other non-STIG compliant IT policy. Accounts will only be assigned a STIG compliant IT policy.

Check Content

Detailed Policy Requirements: 1. Separate STIG compliant IT policies will be set up on the BES: one for users that have been issued an approved Bluetooth headset/handsfree device and one for users that have not been issued an approved Bluetooth headset/handsfree device. 2. All user accounts will be assigned to a STIG compliant IT policy. Check Procedures: Interview the BlackBerry system administrator. Ask the administrator to identify the default IT policy installed on the BES (usually labeled "Default") and any other non-STIG compliant IT policies set up on the BES. View the list of IT policies set up on the BES as follows: BAS >> BlackBerry solution management box >> Policy >> Manage IT policies Verify no users are assigned to the default IT policy or any other non-STIG IT policy by performing the following steps for each policy. For the default IT policy policy: - and Click on the policy name. - Click on "View users with IT policy". - Click "Search". A list of all users assigned to the policy will be shown. - Determine if any users have been assigned to the default or other non-STIG compliant IT policy. If any users have been assigned to the default IT policy, this is a finding. Note: If the default IT policy has been configured to be STIG compliant, the severity of this specific finding may be downgraded to a CAT II. For the non-STIG compliant policies, look at each IT policy listed under Manage “Manage IT policies policies” to be checked: - Click on the policy name. - Click on "View users with IT policy". - Click "Search". A list of all users assigned to the policy will be shown. - Click on the "IT Policy Name" column heading to sort the list of users by IT policy. - Determine if any users have been assigned to the default or non-STIG compliant IT policy. If any users have been assigned to other the non-STIG compliant IT policy. policy, If yes, this is a finding. Note: IT policies identified by the BES administrator as STIG compliant should be reviewed to verify compliance when reviewing the WIR14xx series of checks.

Discussion

The BlackBerry default policy installed on the BES does not include many DoD-required security policies for data encryption, authentication, and access control. DoD enclaves are at risk of data exposure and hacker attack if users are assigned to a the default (or other non-STIG compliant) compliant IT policy.

Fix

User accounts will only be assigned a STIG compliant IT policy.