BlackBerry Enterprise Server (version 5.x) STIG, Part 1 in XCCDF format.
Part 1: BES architecture and training requirements.
Part 2: BES configuration requirements.
Part 3: BES IT Policy configuration requirements.
Onset Technologies METAmessage software must not be installed on DoD BlackBerry devices or on the BES.
Onset Technologies METAmessage software is production software which may introduce a virus or other malicious code on the system. This software is not approved for use on DoD systems.System AdministratorInformation Assurance OfficerECWN-1
Only the BlackBerry Enterprise Server (BES) email solution must be used.
If the required BlackBerry system is not used, DoD networks are at risk of being penetrated or DoD data could be exposed.Information Assurance OfficerECSC-1
Any services installed with the BES (for example IIS, SQL, Apache Web Server, etc.) must be reviewed for STIG compliance in accordance with the appropriate SQL, Apache Web Server, or IIS STIGs.
The server must be compliant with the SQL STIG, Apache Web Server STIG, and/or IIS STIG to ensure the system is not vulnerable to attack resulting in a Denial of Service or compromise of the wireless email server.
Note: Some of these services are optional and may not be installed on a specific host server during the BES installation.System AdministratorInformation Assurance OfficerECSC-1
Required version of the BlackBerry Enterprise Server (BES) must be installed.
Earlier versions of the BES have security vulnerabilities. CYBERCOM IAVA directs all DoD installations upgrade to required version due to BlackBerry ending support for version 4.1.6 and 4.1.7 as of 2 July 2011.System AdministratorECSC-1