STIGQter: STIG Summary: BlackBerry Enterprise Mobility Server 2.x Security Technical Implementation Guide Version: 1 Release: 3 Benchmark Date: 24 Jul 2020:

The firewall protecting the BlackBerry Enterprise Mobility Server (BEMS) must be configured so that only DoD-approved ports, protocols, and services are enabled. See the DoD Ports, Protocols, Services Management (PPSM) Category Assurance Levels (CAL) list for DoD-approved ports, protocols, and services.

DISA Rule

SV-93719r1_rule

Vulnerability Number

V-79013

Group Title

SRG-APP-000142-AS-000014

Rule Version

BEMS-00-004000

Severity

CAT II

CCI(s)

• CCI-000382 - The organization configures the information system to prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services.

Weight

10

Fix Recommendation

Turn off any ports, protocols, and services on the BEMS host-based firewall that are not on the DoD PPSM CAL list.

Check Contents

Ask the BEMS administrator for a list of ports, protocols, and services that have been configured on the host-based firewall of BEMS or generate the list by inspecting the firewall. Verify all allowed ports, protocols, and services are included on the DoD PPSM CAL list.

If any allowed ports, protocols, and services on the MDM host-based firewall are not included on the DoD PPSM CAL list, this is a finding.

Vulnerability Number

V-79013

Documentable

False

Rule Version

BEMS-00-004000

Severity Override Guidance

Ask the BEMS administrator for a list of ports, protocols, and services that have been configured on the host-based firewall of BEMS or generate the list by inspecting the firewall. Verify all allowed ports, protocols, and services are included on the DoD PPSM CAL list.

If any allowed ports, protocols, and services on the MDM host-based firewall are not included on the DoD PPSM CAL list, this is a finding.

Check Content Reference

M

Target Key

3259

Comments