|
Blackberry
Enterprise Server Implementation Guidelines
BES IT Policy Settings
Introduction
This is not the full list of settings for BES version 3.6.
Those not in these lists were not considered by DSD to have a direct
impact on security and therefore are left up to the discretion of each
agency.
Ungrouped Device-only Items
The following settings are ungrouped device-only items:
|
|
|
|
Password required |
|
|
Allow PIN to PIN |
|
|
Minimum password length |
|
|
Users can disable passwords |
|
|
Maximum security timeout |
|
|
Maximum password age |
|
|
User can change timeout |
|
|
Password pattern checks |
|
|
Enable long term timeout |
|
|
Enable WAP configuration |
|
Ungrouped Desktop-only Items
The following settings are ungrouped desktop-only items:
|
|
|
|
Show application loader |
|
|
Force load count |
|
|
Email conflict desktop wins |
|
|
Auto backup enabled |
|
|
Auto backup frequency |
|
|
Auto backup include all |
|
|
Allow other email services |
|
Password Policy Group
The following group of settings control the use of passwords:
|
|
|
|
Set password timeout |
|
|
Set maximum pasword attempts |
|
|
Suppress password echo |
|
|
Maximum password history |
|
Compressed MIME (CMIME) Application Policy Group
The following group of settings control the use of Compressed MIME:
|
|
|
|
Disable revoked certificate use |
|
|
Disable Peer to Peer normal send |
|
|
Disable key store low security |
|
|
Key store password maximum timeout |
|
|
Disable third party applications download |
|
|
Force lock when holstered |
|
|
Allow third party applications to use serial port |
|
|
Allow internal connection |
|
|
Allow external connections |
|
|
Allow split pipe connections |
|
|
Disable invalid certificate use |
|
|
Disable weak certificate use |
|
Transport Layer Security (TLS) Application Policy Group
The following group of settings control the use of Transport Layer
Security:
|
|
|
|
TLS disable weak ciphers |
|
|
TLS disable untrusted connection |
|
|
TLS minimum strong RSA key length |
|
|
TLS minimum strong DH key length |
|
|
TLS minimum strong ECC key length |
|
|
TLS disable invalid connection |
|
|
TLS restrict FIPS ciphers |
|
|
TLS minimum strong DSA key length |
|
Wireless TLS (WTLS) Application Policy Group
The following group of settings control the use of Wireless Transport
Layer Security:
|
|
|
|
WTLS disable weak ciphers |
|
|
WTLS disable untrusted connection |
|
|
WTLS minimum strong RSA key length |
|
|
WTLS minimum strong DH key length |
|
|
WTLS minimum strong ECC key length |
|
|
WTLS disable invalid connection |
|
Desktop Policy Group
The following group of settings control the Desktop Policy:
|
|
|
|
Desktop password cache timeout |
|
|
Desktop allow desktop add-ins |
|
|
Desktop allow device switch |
|
|