BlackBerry Enterprise Mobility Server 3.x Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-APP-000119-AS-000079
Group -
SRG-APP-000120-AS-000080
Group -
The BlackBerry Enterprise Mobility Server (BEMS) must protect log information from unauthorized deletion.
If log data were to become compromised, then competent forensic analysis and discovery of the true source of potentially malicious system activity is difficult, if not impossible, to achieve. App...Rule Medium Severity -
SRG-APP-000142-AS-000014
Group -
The BlackBerry Enterprise Mobility Server (BEMS) platform must be protected by a DOD-approved firewall.
Most information systems are capable of providing a wide variety of functions and services. Some of the functions and services provided by default may not be necessary to support essential organiza...Rule Medium Severity -
SRG-APP-000142-AS-000014
Group -
The firewall protecting the BEMS must be configured to restrict all network traffic to and from all addresses with the exception of ports, protocols, and IP address ranges required to support BEMS functions.
Most information systems are capable of providing a wide variety of functions and services. Some of the functions and services, provided by default, may not be necessary to support essential organi...Rule Medium Severity -
SRG-APP-000142-AS-000014
Group -
If the BlackBerry Presence service is installed on the BlackBerry Enterprise Mobility Server (BEMS), it must be configured with the whitelisting control to limit presence subscriptions to only single domain/tenant.
Whitelisting in Presence subscriptions is used to control which internal and federated environments can be subscribed to. Presence subscriptions should be limited to only DOD environments to contro...Rule Low Severity -
SRG-APP-000439-AS-000155
Group -
SRG-APP-000439-AS-000274
Group -
The BlackBerry Enterprise Mobility Server (BEMS) must remove all export ciphers to protect the confidentiality and integrity of transmitted information.
During the initial setup of a Transport Layer Security (TLS) connection to the application server, the client sends a list of supported cipher suites in order of preference. The application server ...Rule Medium Severity -
SRG-APP-000516-AS-000237
Group -
The BlackBerry Enterprise Mobility Server (BEMS) must be configured to have at least one user in the following Administrator roles: Server primary administrator, auditor.
Having several administrative roles for the BEMS supports separation of duties. This allows administrator-level privileges to be granted granularly, such as giving application management privileges...Rule Medium Severity -
SRG-APP-000516-AS-000237
Group -
SRG-APP-000516-AS-000237
Group -
If the BlackBerry Docs service is installed on the BlackBerry Enterprise Mobility Server (BEMS), it must be configured to enable the proxy server authentication type (if a proxy is used).
The web proxy provides a secure gateway for the BlackBerry Docs service so that BEMS can securely connect to enterprise servers.Rule Medium Severity -
SRG-APP-000516-AS-000237
Group -
The BlackBerry Enterprise Mobility Server (BEMS) must be configured to use HTTPS.
Preventing the disclosure of transmitted information requires that applications take measures to employ some form of cryptographic mechanism to protect the information during transmission to web ap...Rule High Severity -
SRG-APP-000516-AS-000237
Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.