Free DISA STIG and SRG Library | Vaulted

V-14199

Any services installed with the BES (for example IIS, SQL, Apache Web Server, etc.) must be reviewed for STIG compliance in accordance with the appropriate SQL, Apache Web Server, or IIS STIGs.

Finding ID
WIR1210-01
Rule ID
SV-14810r4_rule
Severity
Cat II
CCE
(None)
Group Title
Services installed on BES host server reviewed for STIG compliance
CCI
(None)
Target Key
(None)
Documentable
No
Discussion

The server must be compliant with the SQL STIG, Apache Web Server STIG, and/or IIS STIG to ensure the system is not vulnerable to attack resulting in a Denial of Service or compromise of the wireless email server. Note: Some of these services are optional and may not be installed on a specific host server during the BES installation.

Fix Text

The host server where the BlackBerry Enterprise Server (BES) is installed is reviewed in accordance with the appropriate SQL, Apache Web Server, and IIS STIGs if these services are installed when the BES is installed.

Check Content

Work with the OS reviewer or check VMS for last review of each host BES computer asset. The review should include any services installed on the host server when the BES is installed (for example: SQL server, Apache Web Server, etc.). Note: Some of these services are optional and may not be installed on a specific host server during the BES installation. SRL is an optional install when the BES is installed, while Apache Web server is a required install. The review must also include an Apache Web Server review if BES 5.0 or later is used. (The BlackBerry Administration Service (BAS) on BES 5.x includes an Apache Web Server.) Verify there are no outstanding CAT I findings associated with each server installed when the BES is installed. Note: If IIS is installed on the server, an IIS review must also be performed. a. IIS is required for the Exchange ESM. If a site uses the new MAPI/CDO Tools from Microsoft, then the IIS is not required. See http://www.microsoft.com/downloads/details.aspx?familyid=E17E7F31-079A-43A9-BFF2-0A110307611E&displaylang=en. b. IIS is not required for BlackBerry Enterprise Server. If required reviews have not been performed during a SRR or site self-check, this is a finding.

Responsibility

System Administrator

IA Controls

ECSC-1