Any services installed with the BES (for example IIS, SQL, Apache Web Server, etc.) must be reviewed for STIG compliance in accordance with the appropriate SQL, Apache Web Server, or IIS STIGs.

From BlackBerry Enterprise Server (version 5.x), Part 1 Security Technical Implementation Guide

Part of Services installed on BES host server reviewed for STIG compliance

Associated with IA controls: ECSC-1

SV-14810r4_rule Any services installed with the BES (for example IIS, SQL, Apache Web Server, etc.) must be reviewed for STIG compliance in accordance with the appropriate SQL, Apache Web Server, or IIS STIGs.

Vulnerability discussion

The server must be compliant with the SQL STIG, Apache Web Server STIG, and/or IIS STIG to ensure the system is not vulnerable to attack resulting in a Denial of Service or compromise of the wireless email server.Note: Some of these services are optional and may not be installed on a specific host server during the BES installation.

Check content

Work with the OS reviewer or check VMS for last review of each host BES computer asset. The review should include any services installed on the host server when the BES is installed (for example: SQL server, Apache Web Server, etc.). Note: Some of these services are optional and may not be installed on a specific host server during the BES installation. SRL is an optional install when the BES is installed, while Apache Web server is a required install. The review must also include an Apache Web Server review if BES 5.0 or later is used. (The BlackBerry Administration Service (BAS) on BES 5.x includes an Apache Web Server.) Verify there are no outstanding CAT I findings associated with each server installed when the BES is installed. Note: If IIS is installed on the server, an IIS review must also be performed. a. IIS is required for the Exchange ESM. If a site uses the new MAPI/CDO Tools from Microsoft, then the IIS is not required. See http://www.microsoft.com/downloads/details.aspx?familyid=E17E7F31-079A-43A9-BFF2-0A110307611E&displaylang=en. b. IIS is not required for BlackBerry Enterprise Server. If required reviews have not been performed during a SRR or site self-check, this is a finding.

Fix text

The host server where the BlackBerry Enterprise Server (BES) is installed is reviewed in accordance with the appropriate SQL, Apache Web Server, and IIS STIGs if these services are installed when the BES is installed.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer