The firewall protecting the BlackBerry Enterprise Mobility Server (BEMS) must be configured so that only DOD-approved ports, protocols, and services are enabled.

All ports, protocols, and services used on DOD networks must be approved and registered via the DOD PPSM process. This is to ensure that a risk assessment has been completed before a new port, protocol, or service is configured on a DOD network and has been approved by proper DOD authorities. Otherwise, the new port, protocol, or service could cause a vulnerability to the DOD network, which could be exploited by an adversary. See the DOD Ports, Protocols, Services Management (PPSM) Category Assurance Levels (CAL) list for DOD-approved ports, protocols, and services.