Check: WIR1095-01
BlackBerry Handheld Device:
WIR1095-01
(in versions v2 r11 through v2 r1)
Title
BlackBerry Web Desktop Manager (BWDM) or BlackBerry Desktop Manager (BDM) must be configured as required. (Cat III impact)
Discussion
The BWDM provides the capability for users to self provision their BlackBerry, and to synchronize the BlackBerrys to the BES. The BWDM works by providing a web client interface to the BlackBerry database via the BlackBerry Administrative Service (BAS). Users must log into the BAS to access the data service. The BAS is a private web server. CTO 0715rev 1 requires either CAC authentication or a complex 15-character password to log into DoD private web servers. DoD users must use their CAC for authentication to the BAS because they do not know their 256 character AD password.
Check Content
Detailed Policy Requirement: BDM nor BWDM are required on BlackBerry users desktops, but if either are used, they must meet the following requirements: -For BDM, follow instructions found in USCYBERCOM IAVM Notice 2010-A-0132. If BWDM is used, the BlackBerry Administration Server (BAS) must be configured for Microsoft Active Directory authentication on the BES. Check Procedures: The site can use either BlackBerry Desktop Manager or BlackBerry Web Desktop Manager or neither. Check a sample of BlackBerry user PCs (2-3). If BlackBerry Desktop Manager is used, verify the requirements found in USCYBERCOM IAVM Notice 2010-A-0132 have been followed. If BlackBerry Web Desktop Manager is used, no further action is required since the BES review will verify the BES has been configured for Microsoft Active Directory authentication in check WIR1355-01 (V-22102).
Fix Text
Configure BlackBerry Web Desktop Manager (BWDM) for CAC authentication, if used or use approved version of BlackBerry Desktop Manager.
Additional Identifiers
Rule ID: SV-25495r3_rule
Vulnerability ID: V-22058
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |