BlackBerry Enterprise Mobility Server 3.x Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
The BlackBerry Enterprise Mobility Server (BEMS) must be configured to use Windows Authentication for the database connection.
<VulnDiscussion>To ensure accountability and prevent unauthorized access, organizational users must be identified and authenticated. Organiza...Rule Medium Severity -
SRG-APP-000516-AS-000237
<GroupDescription></GroupDescription>Group -
The BlackBerry Enterprise Mobility Server (BEMS) must be configured to use HTTPS.
<VulnDiscussion>Preventing the disclosure of transmitted information requires that applications take measures to employ some form of cryptogr...Rule High Severity -
SRG-APP-000516-AS-000237
<GroupDescription></GroupDescription>Group -
The BlackBerry Enterprise Mobility Server (BEMS) must be configured to use DOD certificates for SSL.
<VulnDiscussion>Untrusted Certificate Authorities (CA) can issue certificates, but they may be issued by organizations or individuals that se...Rule Medium Severity -
SRG-APP-000516-AS-000237
<GroupDescription></GroupDescription>Group -
The BlackBerry Enterprise Mobility Server (BEMS) must be configured with an inactivity timeout of 15 minutes or less.
<VulnDiscussion>A session time-out lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinit...Rule Medium Severity -
SRG-APP-000516-AS-000237
<GroupDescription></GroupDescription>Group -
If the Mail service (Push Notifications support for BlackBerry Work) is installed on the BlackBerry Enterprise Mobility Server (BEMS), it must be configured to use Windows Authentication for the database connection.
<VulnDiscussion>To assure accountability and prevent unauthorized access, organizational users must be identified and authenticated. Organiza...Rule Medium Severity -
SRG-APP-000516-AS-000237
<GroupDescription></GroupDescription>Group -
If the Mail service (Push Notifications support for BlackBerry Work) is installed on the BlackBerry Enterprise Mobility Server (BEMS), it must be configured to use Windows Integrated Authentication for the Exchange connection.
<VulnDiscussion>To ensure accountability and prevent unauthorized access, organizational users must be identified and authenticated. Organiza...Rule Medium Severity -
SRG-APP-000516-AS-000237
<GroupDescription></GroupDescription>Group -
If the Mail service (Push Notifications support for BlackBerry Work) is installed on the BlackBerry Enterprise Mobility Server (BEMS), it must be configured to Enable SSL LDAP when using LDAP Lookup for users.
<VulnDiscussion>Preventing the disclosure of transmitted information requires that applications take measures to employ some form of cryptogr...Rule Medium Severity -
SRG-APP-000516-AS-000237
<GroupDescription></GroupDescription>Group -
If the Mail service (Push Notifications support for BlackBerry Work) is installed on the BlackBerry Enterprise Mobility Server (BEMS), it must be configured to Enable SSL LDAP for certificate directory lookup.
<VulnDiscussion>Preventing the disclosure of transmitted information requires that applications take measures to employ some form of cryptogr...Rule Medium Severity -
SRG-APP-000516-AS-000237
<GroupDescription></GroupDescription>Group -
If the BlackBerry Connect service is installed on the BlackBerry Enterprise Mobility Server (BEMS), it must be configured to use Windows Authentication for the database connection.
<VulnDiscussion>To ensure accountability and prevent unauthorized access, organizational users must be identified and authenticated. Organiza...Rule Medium Severity -
SRG-APP-000516-AS-000237
<GroupDescription></GroupDescription>Group -
If the BlackBerry Connect service is installed on the BlackBerry Enterprise Mobility Server (BEMS), it must be configured to enable SSL support for BlackBerry Proxy and use only DOD approved certificates.
<VulnDiscussion>Preventing the disclosure of transmitted information requires that applications take measures to employ some form of cryptogr...Rule Medium Severity -
SRG-APP-000516-AS-000237
<GroupDescription></GroupDescription>Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.