STIGQter: STIG Summary: BlackBerry Enterprise Mobility Server 2.x Security Technical Implementation Guide Version: 1 Release: 3 Benchmark Date: 24 Jul 2020

The BlackBerry Enterprise Mobility Server (BEMS) must protect the confidentiality and integrity of transmitted information through the use of an approved TLS version.

DISA Rule

SV-93721r3_rule

Vulnerability Number

V-79015

Group Title

SRG-APP-000439-AS-000155

Rule Version

BEMS-00-011400

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure BEMS to use approved versions of TLS.

1. Find the xml file "jetty.xml" located in the BEMS install directory on the BEMS host Windows server.
2. Find the "ExcludeProtocols" field and add all unauthorized versions of SSL and TLS.
<Set name="ExcludeProtocols">
  <Array type="java.lang.String">
    <Item>TLSv1</Item>
    <Item>TLSv1.1</Item>
    <Item>SSL</Item>
    <Item>SSLv2</Item>
    <Item>SSLv2Hello</Item>
    <Item>SSLv3</Item>
  </Array>
</Set>
3. Save the file.
4. Restart the BEMS server.

Check Contents

Verify BEMS has been configured to use only approved versions of TLS as follows:

1. Find the xml file "jetty.xml" located in the BEMS install directory on the BEMS host Windows server.
2. Find the "ExcludeProtocols" field.
3. Verify if unauthorized versions of SSL and TLS are listed in the "jetty.xml" file.

If BEMS has not been configured to use only approved versions of TLS, this is a finding.
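
The manual check above can be scripted. The following is an added example, not part of the STIG or of BlackBerry's documentation: it parses jetty.xml text and reports any "ExcludeProtocols" field that omits a protocol named in the Fix Recommendation. The function names and the sample XML are constructed for illustration, and the required list is assumed to be exactly the six entries shown in the fix text.

```python
import xml.etree.ElementTree as ET

# Protocol names taken from the Fix Recommendation's ExcludeProtocols list.
REQUIRED_EXCLUSIONS = {"TLSv1", "TLSv1.1", "SSL", "SSLv2", "SSLv2Hello", "SSLv3"}


def _sample(protocols):
    """Build a constructed jetty.xml fragment (not a real BEMS file)."""
    items = "".join(f"<Item>{p}</Item>" for p in protocols)
    return (
        '<Configure id="Server" class="org.eclipse.jetty.server.Server">'
        '<New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">'
        f'<Set name="ExcludeProtocols"><Array type="java.lang.String">{items}</Array></Set>'
        "</New></Configure>"
    )


SAMPLE_COMPLIANT = _sample(sorted(REQUIRED_EXCLUSIONS))
SAMPLE_WEAK = _sample(["TLSv1", "SSL", "SSLv2", "SSLv3"])  # TLSv1.1, SSLv2Hello absent


def audit_exclude_protocols(jetty_xml_text):
    """Return a list of findings; an empty list means no finding."""
    root = ET.fromstring(jetty_xml_text)
    fields = [n for n in root.iter("Set") if n.get("name") == "ExcludeProtocols"]
    if not fields:
        # A file with no exclusion list at all cannot satisfy the check.
        return ["no ExcludeProtocols field present"]
    findings = []
    # Check each field on its own so a complete list in one place
    # cannot hide an incomplete list in another.
    for idx, node in enumerate(fields, start=1):
        listed = {(item.text or "").strip() for item in node.iter("Item")}
        missing = sorted(REQUIRED_EXCLUSIONS - listed)  # exact string match
        if missing:
            findings.append(
                f"ExcludeProtocols #{idx} does not exclude: {', '.join(missing)}"
            )
    return findings


if __name__ == "__main__":
    for name, xml_text in [("compliant", SAMPLE_COMPLIANT), ("weak", SAMPLE_WEAK)]:
        print(name, audit_exclude_protocols(xml_text) or "no finding")
```

To audit a real host, read the jetty.xml file from the BEMS install directory and pass its contents to `audit_exclude_protocols`.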

Documentable

False

Severity Override Guidance

Verify BEMS has been configured to use only approved versions of TLS as follows:

1. Find the xml file "jetty.xml" located in the BEMS install directory on the BEMS host Windows server.
2. Find the "ExcludeProtocols" field.
3. Verify if unauthorized versions of SSL and TLS are listed in the "jetty.xml" file.

If BEMS has not been configured to use only approved versions of TLS, this is a finding.

Check Content Reference

M

Target Key

3259
