BlackBerry (OS7 and BES5) STIG Version 2, Release 11 Checklist Details (Checklist Revisions)

Supporting Resources:


Target CPE Name
Research In Motion (RIM) Blackberry Enterprise Server (BES) 5.0.4 cpe:/a:rim:blackberry_enterprise_server:5.0.4 (View CVEs)
Research In Motion (RIM) Blackberry OS 5.0 cpe:/o:rim:blackberry_os:5.0 (View CVEs)
Research In Motion (RIM) Blackberry OS 6.0 cpe:/o:rim:blackberry_os:6.0 (View CVEs)
Research In Motion (RIM) Blackberry OS 7.0 cpe:/o:rim:blackberry_os:7.0 (View CVEs)

Checklist Highlights

Checklist Name:
BlackBerry (OS7 and BES5) STIG
Checklist ID:
Version 2, Release 11
Review Status:
Governmental Authority: Defense Information Systems Agency
Original Publication Date:

Checklist Summary:

The BlackBerry Security Technical Implementation Guide (STIG) and associated documents e.g., BlackBerry Overview, BlackBerry Configuration Tables, BlackBerry Handheld STIG, and BlackBerry Enterprise Server STIG), provide security policy and configuration requirements for the use of BlackBerry wireless email in the Department of Defense (DoD). Guidance in these documents applies to all BlackBerry systems, including BlackBerry handheld devices and BlackBerry Enterprise Server (BES). This STIG provides security requirements for BES 5.0.4 and BlackBerry OS 5-7.x.

Checklist Role:

  • Enterprise Email Server
  • Desktop or Mobile Client

Known Issues:

Not provided.

Target Audience:

This document is a requirement for all DoD-administered systems and all systems connected to DoD networks. These requirements are designed to assist Information Assurance Managers (IAMs), Information Assurance Officers (IAOs), and System Administrators (SAs) with configuring and maintaining security controls. This guidance supports DoD system design, development, implementation, certification, and accreditation efforts.

Target Operational Environment:

  • Managed
  • Specialized Security-Limited Functionality (SSLF)

Testing Information:

BlackBerry virus protection features have been tested by National Security Agency (NSA) and DISA and were approved by the Defense Information System Network (DISN) Security Accreditation Working Group (DSAWG) in 2006 as meeting DoD security requirements when the initial release of this Checklist was approved.

Regulatory Compliance:

DoD Directive (DoDD) 8500.1


Not provided.


Not provided.

Product Support:

Not provided.

Point of Contact:

Comments or proposed revisions to this document should be sent via email to the following address:


Not provided.


Not provided.

Change History:

Version 2, Release 8 - 06 August 2015
Updated status from "Under Review" to "Final" - 21 July 2015
Version 2, Release 6 - 08 June 2015
BlackBerry (OS7 and BES5) STIG Version 2, Release 4 - July 25, 2013
Changed status from "under review" to "final" - 11 September 2015
Version 2, Release 9 - 29 October 2015
Changed status from "Under Review" to "Final" - 29 December 2015
Updated STIG to Version 2, Release 10 - 10/28/2016
updated to FINAL - 12/07/2016
archived - 05/19/2017
Updated URL to reflect change to the DISA website - http --> https
Updated URLs - 6/24/19
Updated URLs - 9/11/19


URL Description


Reference URL Description

NIST checklist record last modified on 09/11/2019