Check: BBDS-00-000132
Policy SRG:
BBDS-00-000132
(in version v1 r1)
Title
If the BlackBerry Device Service server includes a mobile email management capability, the email client S/MIME encryption algorithm must be 3DES or AES. When AES is used, AES 128 bit encryption key length is the minimum requirement; AES 256 desired. (Cat II impact)
Discussion
Cryptography is only as strong as the encryption modules/algorithms that are employed to encrypt the data. Strong encryption must be used to protect the integrity and confidentiality of the data. In this case the requirement states that S/MIME must utilize a 3DES or AES encryption algorithm.
Check Content
Review the BlackBerry Device Service server configuration to determine whether there is administrative functionality to configure the encryption algorithms used to encrypt S/MIME protected email messages. If this function is not present, this is a finding.

The "Allowed Content Ciphers" profile setting specifies the encryption algorithms that a BlackBerry device can use to encrypt S/MIME-protected email messages. IT policy rules can be specified per group or per user.

To add an IT policy to a group:
1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Group.
2. Click Manage groups.
3. Click the name of the group.
4. Click Edit group.
5. Click the Policies tab.
6. In the IT policy list, select the IT policy.
7. Click Save all.

To add an IT policy to a user account:
1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand User.
2. Click Manage users.
3. Search for a user account.
4. In the search results, select the check box for the user account.
5. In the Add to user configuration list, click Set IT policy.
6. In the IT policy drop-down list, select the IT policy.
7. Click Save.

For more details and information, please see the "Setting up device controls" section of the BlackBerry Enterprise Service 10 BlackBerry Device Service, Version: 6.2 Administration Guide.
Fix Text
Configure the centrally managed BlackBerry Device Service server security policy rule to specify the encryption algorithms used to encrypt S/MIME protected email messages with 3DES or AES encryption.
Additional Identifiers
Rule ID:
Vulnerability ID: BBDS-00-000132
Group Title:
CCIs
Number | Definition |
---|---|
CCI-001144 | The information system implements required cryptographic protections using cryptographic modules that comply with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance. |
Controls
Number | Title |
---|---|
No controls are assigned to this check |