The BlackBerry Enterprise Mobility Server (BEMS) must be configured to use HTTPS.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-79023 | BEMS-00-013500 | SV-93729r1_rule | High |
| Description |
|---|
| Preventing the disclosure of transmitted information requires that applications take measures to employ some form of cryptographic mechanism in order to protect the information during transmission to web applications. This is usually achieved through the use of HTTPS. |
| STIG | Date |
|---|---|
| BlackBerry Enterprise Mobility Server 2.x Security Technical Implementation Guide | 2020-05-15 |
Details
| Check Text ( C-78611r1_chk ) |
|---|
| Verify BEMS has been configured to use HTTPS as follows: 1. In the BEMS Dashboard, under "BEMS System Settings", click "BEMS Configuration". 2. Click "BlackBerry Dynamics". 3. In the Protocol drop-down list, verify "HTTPS" is selected. If HTTPS is not configured on BEMS, this is a finding. |
| Fix Text (F-85773r1_fix) |
|---|
| Configure BEMS to use HTTPS as follows: 1. In the BEMS Dashboard, under "BEMS System Settings", click "BEMS Configuration". 2. Click "BlackBerry Dynamics". 3. In the Protocol drop-down list, select "HTTPS". |