STIGQter: STIG Summary: BlackBerry Enterprise Mobility Server 2.x Security Technical Implementation Guide Version: 1 Release: 3 Benchmark Date: 24 Jul 2020:

The BlackBerry Enterprise Mobility Server (BEMS) must be configured to use DoD certificates for SSL.

DISA Rule

SV-93731r1_rule

Vulnerability Number

V-79025

Group Title

SRG-APP-000516-AS-000237

Rule Version

BEMS-00-013600

Severity

CAT II

CCI(s)

• CCI-002470 - The information system only allows the use of organization-defined certificate authorities for verification of the establishment of protected sessions.

Weight

10

Fix Recommendation

Replace the auto-generated BEMS SSL certificate with a DoD certificate as follows:

1. Generate a CSR request and obtain a certificate from the DoD CA.
2. Import the certificate into the BEMS keystore.
3. Update the certificate passwords in BEMS.

Check Contents

Verify a DoD SSL certificate has been installed on BEMS as follows:

1. Open the browser.
2. Browse to the BEMS dashboard.
3. Select SSL certificate and view the certificate.
4. Verify the certificate is a DoD certificate (has the DoD CA listed in the certificate).

If the SSL certificate installed on BEMS is not a DoD certificate, this is a finding.

Vulnerability Number

V-79025

Documentable

False

Rule Version

BEMS-00-013600

Severity Override Guidance

Verify a DoD SSL certificate has been installed on BEMS as follows:

1. Open the browser.
2. Browse to the BEMS dashboard.
3. Select SSL certificate and view the certificate.
4. Verify the certificate is a DoD certificate (has the DoD CA listed in the certificate).

If the SSL certificate installed on BEMS is not a DoD certificate, this is a finding.

Check Content Reference

M

Target Key

3259

Comments