| Checked | Name | Title |
|---|
| ☐ | SV-93709r1_rule | The BlackBerry Enterprise Mobility Server (BEMS) must protect log information from any type of unauthorized read access. |
| ☐ | SV-93711r1_rule | The BlackBerry Enterprise Mobility Server (BEMS) must protect log information from unauthorized modification. |
| ☐ | SV-93713r1_rule | The BlackBerry Enterprise Mobility Server (BEMS) must protect log information from unauthorized deletion. |
| ☐ | SV-93715r1_rule | The BlackBerry Enterprise Mobility Server (BEMS) platform must be protected by a DoD-approved firewall. |
| ☐ | SV-93717r1_rule | The firewall protecting the BlackBerry Enterprise Mobility Server (BEMS) must be configured to restrict all network traffic to and from all addresses with the exception of ports, protocols, and IP address ranges required to support BEMS functions. |
| ☐ | SV-93719r1_rule | The firewall protecting the BlackBerry Enterprise Mobility Server (BEMS) must be configured so that only DoD-approved ports, protocols, and services are enabled. See the DoD Ports, Protocols, Services Management (PPSM) Category Assurance Levels (CAL) list for DoD-approved ports, protocols, and services. |
| ☐ | SV-93721r3_rule | The BlackBerry Enterprise Mobility Server (BEMS) must protect the confidentiality and integrity of transmitted information through the use of an approved TLS version. |
| ☐ | SV-93723r2_rule | The BlackBerry Enterprise Mobility Server (BEMS) must remove all export ciphers to protect the confidentiality and integrity of transmitted information. |
| ☐ | SV-93725r1_rule | The BlackBerry Enterprise Mobility Server (BEMS) must be configured to have at least one user in the following Administrator roles: Server primary administrator, auditor. |
| ☐ | SV-93727r1_rule | The BlackBerry Enterprise Mobility Server (BEMS) must be configured to use Windows Authentication for the database connection. |
| ☐ | SV-93729r1_rule | The BlackBerry Enterprise Mobility Server (BEMS) must be configured to use HTTPS. |
| ☐ | SV-93731r1_rule | The BlackBerry Enterprise Mobility Server (BEMS) must be configured to use DoD certificates for SSL. |
| ☐ | SV-93733r2_rule | The BlackBerry Enterprise Mobility Server (BEMS) must be configured with an inactivity timeout of 15 minutes or less. |
| ☐ | SV-93735r1_rule | If the Mail service (Push Notifications support for BlackBerry Work) is installed on the BlackBerry Enterprise Mobility Server (BEMS), it must be configured to use Windows Authentication for the database connection. |
| ☐ | SV-93737r1_rule | If the Mail service (Push Notifications support for BlackBerry Work) is installed on the BlackBerry Enterprise Mobility Server (BEMS), it must be configured to use Windows Integrated Authentication for the Exchange connection. |
| ☐ | SV-93739r1_rule | If the Mail service (Push Notifications support for BlackBerry Work) is installed on the BlackBerry Enterprise Mobility Server (BEMS), it must be configured to Enable SSL LDAP when using LDAP Lookup for users. |
| ☐ | SV-93741r1_rule | If the Mail service (Push Notifications support for BlackBerry Work) is installed on the BlackBerry Enterprise Mobility Server (BEMS), it must be configured to Enable SSL LDAP for certificate directory lookup. |
| ☐ | SV-93743r1_rule | If the BlackBerry Connect service is installed on the BlackBerry Enterprise Mobility Server (BEMS), it must be configured to use Windows Authentication for the database connection. |
| ☐ | SV-93745r1_rule | If the BlackBerry Connect service is installed on the BlackBerry Enterprise Mobility Server (BEMS), it must be configured to enable SSL support for BlackBerry Proxy and use only DoD approved certificates. |
| ☐ | SV-93747r1_rule | If the BlackBerry Docs service is installed on the BlackBerry Enterprise Mobility Server (BEMS), it must be configured to use Windows Authentication for the database connection. |
| ☐ | SV-93749r1_rule | If the BlackBerry Docs service is installed on the BlackBerry Enterprise Mobility Server (BEMS), it must be configured to use NTLM authentication. |
| ☐ | SV-93751r1_rule | If the BlackBerry Docs service is installed on the BlackBerry Enterprise Mobility Server (BEMS), it must be configured to use SSL for LDAP lookup to connect to the Office Web App Server (e.g., SharePoint). |
| ☐ | SV-93753r1_rule | If the BlackBerry Docs service is installed on the BlackBerry Enterprise Mobility Server (BEMS), it must be configured to enable audit logs. |
STIGQter: STIG Summary: