- Getting started
- System components and configuration
- BlackBerry AtHoc account requirements
- Install BlackBerry AtHoc
- Upgrade BlackBerry AtHoc
- Postinstallation or upgrade configuration
- Set antivirus file exclusions for database log and tempDB files
- IIS postinstallation checklist
- Application pool configuration tables
- Table 1: Application pool configuration
- Table 2: Application Pool - Web application associations for the AtHoc website - Enterprise configuration
- Table 3: AtHoc services application pool configuration
- Table 4: Application pools - web application association for AtHoc services web site
- IIS handler mappings
- Verification checklist
- Application pool configuration tables
- (Optional) Enable message termination
- (Optional) Enable and enforce the TLS 1.2 protocol
- (Optional) Configure the application server for Windows authentication
- (Optional) Configure client certificates on the application server
- (Optional) Set the SSL client certificate
- (Optional) Install certificates for cloud delivery services
- (Optional) Configure new access card formats for operator auto-login
- (Optional) Enable FIPS on each application server
- (Optional) Archive and MAS export service account requirements
- Configure .NET framework to use a web proxy
- (Optional) Restore the XML files for duplicated devices
- (Optional) Set up error pages for Self Service throttling
- (Optional) Set up error pages for Self Service throttling
- Advanced server configuration
- IIS 8.5 Security Technology Implementation Guide
- Server STIG
- IISW-SV-000103: Enable log file and Event Tracing windows
- IISW-SV-000107: Sufficient web server log records for location of web server events
- IISW-SV-000108: Sufficient web server log records for source of web server events
- IISW-SV-000110: Sufficient web server log records to establish the outcome of web server events
- IISW-SV-000111: Sufficient web server log records to establish identity
- IISW-SV-000112: Web server must use Event Tracing for Windows logging option
- IISW-SV-000120: Samples, examples, and tutuorials must be removed from production server
- IISW-SV-000124: Web server must have MIMEs that invoke OS shell programs disabled
- IISW-SV-000146: Web server must not impede ability to write log record content to an audit log
- IISW-SV-000153: Web server must maintain the confidentiality of controlled information during transmission
- IISW-SV-000154: Web server must maintain the confidentiality of controlled information during transmission
- Application STIG
- IISW-SI-000206: Enable log file and Event Tracing windows
- IISW-SI-000209: Sufficient website log records to establish identity
- IISW-SI-000210: Sufficient website log records to establish identity
- IISW-SI-000211: Website must use Event Tracing for Windows logging option
- IISW-SI-000214: Website must have MIMEs that invoke OS shell programs disabled
- IISW-SI-000228: Non-ASCII characters in URLs must be prohibited
- Server STIG
- Verifying BlackBerry AtHoc is operational
- Appendix A: Troubleshooting
- Appendix B: Organization duplicator object management
- BlackBerry AtHoc Customer Support Portal
- Legal notice
- BlackBerry Docs
- BlackBerry AtHoc
- BlackBerry AtHoc 7.9
- Installation and Configuration Guide
- IIS 8.5 Security Technology Implementation Guide
- Server STIG
- IISW-SV-000153: Web server must maintain the confidentiality of controlled information during transmission
IISW-SV-000153: Web server must maintain the confidentiality of controlled information during transmission
An IIS 8.5 web server must maintain the confidentiality of controlled information during transmission through the use of an approved TLS version.
To check compliance with IISW-SV-000153, complete the following steps:
- Open the IIS 8.5 IIS Manager.
- Click the IIS 8.5 web server name.
- Access an administrator command prompt.
- Typeregedit<enter>to access the registry of the server.
- Navigate to the following registry paths:
- HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server
- HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server
- Verify thatDisabledByDefaulthas a REG_DWORD value of0.
- Navigate to the following registry paths:
- HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server
- HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server
- HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server
- Verify thatDisabledByDefaulthas a REG_DWORD value of1.
If any of the listed registry paths do not exist or are configured with the incorrect value, your server is not compliant.
If your server is not compliant, complete the following steps:
- Open the IIS 8.5 IIS Manager.
- Click the IIS 8.5 web server name.
- Access an administrator command prompt.
- Typeregedit<enter>to access the registry of the server.
- Navigate to the following registry paths:
- HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server
- HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server
- Set theDisabledByDefaultREG_DWORD value to0.
- Navigate to the following registry paths:
- HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server
- HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server
- HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server
- Set theDisabledByDefaultREG_DWORD value to1.