Free DISA STIG and SRG Library | Vaulted

V-22056

All user and or group accounts must have an Access Control Rule assigned to the account.

Finding ID
WIR1350-01
Rule ID
SV-25492r3_rule
Severity
Cat II
CCE
(None)
Group Title
Disable BES MDS CS document search -01
CCI
(None)
Target Key
(None)
Documentable
No
Discussion

The BES MDS Connection Service allows BlackBerry users to search the enclave for files and documents of interest to the user without any authentication requirements to the enclave. Access control requirements of the network can be bypassed.

Fix Text

The BES MDS Connection Service will be configured to disable browsing on the enclave for files and documents of interest. Each user and group account is assigned an Access Control Rule.

Check Content

Detailed Policy Requirements: The BES must be configured so that all network file share access by BlackBerry users has been blocked. A high-level "deny all" Access Control Rule policy must be set up and assigned to each user or group account. Check Procedures: Verify all user and group accounts have been assigned an Access Control Rule. On the BES, do the following: Select at least 20 user/group accounts at random from different offices/sites. Go to each selected user/group account: BAS >> BlackBerry solution management >> User >> Manage users >> select user >> Access control rules tab. Verify each user has been assigned an Access Control Rule. Write down the name of each Access Control Rule assigned to each account (the settings of each rule will be verified in WIR1350-02). If any user or group account has not been assigned an Access Control Rule, this is a finding.

Responsibility

System Administrator