The BlackBerry Enterprise Mobility Server (BEMS) must be configured to use HTTPS.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-79023 | BEMS-00-013500 | SV-93729r1_rule | CCI-000068 | high |
| Description | ||||
| Preventing the disclosure of transmitted information requires that applications take measures to employ some form of cryptographic mechanism in order to protect the information during transmission to web applications. This is usually achieved through the use of HTTPS. | ||||
| STIG | Date | |||
| BlackBerry Enterprise Mobility Server 2.x Security Technical Implementation Guide | 2020-05-15 | |||
Related Frameworks
3 paths across 3 frameworks
Related Frameworks
NIST 800-531 mapping
AC-17(2)
1.00
- DISA · V1R3 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-1711 mapping
3.1.13
1.00
- DISA · V1R3 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-000068
1.00
- DISA · V1R3 · disa_xccdf · related
Details
Check Text (C-93729r1_chk)
Verify BEMS has been configured to use HTTPS as follows:
1. In the BEMS Dashboard, under "BEMS System Settings", click "BEMS Configuration".
2. Click "BlackBerry Dynamics".
3. In the Protocol drop-down list, verify "HTTPS" is selected.
If HTTPS is not configured on BEMS, this is a finding.
Fix Text (F-85773r1_fix)
Configure BEMS to use HTTPS as follows:
1. In the BEMS Dashboard, under "BEMS System Settings", click "BEMS Configuration".
2. Click "BlackBerry Dynamics".
3. In the Protocol drop-down list, select "HTTPS".