Before establishing a user session, the BES12 server must display an administrator-specified advisory notice and consent warning message regarding use of the BES12 server.

From BlackBerry BES 12.5.x MDM Security Technical Implementation Guide

Part of PP-MDM-201100

Associated with: CCI-000048

SV-83175r2_rule Before establishing a user session, the BES12 server must display an administrator-specified advisory notice and consent warning message regarding use of the BES12 server.

Vulnerability discussion

Note: The advisory notice and consent warning message is not required if the General Purpose OS or Network Device displays an advisory notice and consent warning message when the administrator logs on to the General Purpose OS or Network Device prior to accessing the MDM server or MDM Server platform.The MDM server/server platform is required to display the DoD-approved system use notification message or banner before granting access to the system that provides privacy and security notices consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance. This ensures the legal requirements for auditing and monitoring are met. The approved DoD text must be used as specified in KS referenced in DoDI 8500.01.The non-bracketed text below must be used without any changes as the warning banner.[A. Use this banner for desktops, laptops, and other devices accommodating banners of 1300 characters. The banner must be implemented as a click-through banner at logon (to the extent permitted by the operating system), meaning it prevents further activity on the information system unless and until the user executes a positive action to manifest agreement by clicking on a box indicating “OK”.]You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only. By using this IS (which includes any device attached to this IS), you consent to the following conditions: -The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations. -At any time, the USG may inspect and seize data stored on this IS. -Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose. -This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy. -Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details.SFR ID: FMT_SMF_EXT.1.1(2) Refinement

Check content

Review BES12 server documentation and configuration settings to determine if the warning banner is using the appropriate designated wording. On the BES12, do the following: 1. Log on to the BES12 console and select the "Settings" tab at the top of the screen. 2. Expand the "General" settings tab on the left pane. 3. Select "Login notices" from the menu in the left pane. 4. Verify the checkbox next to "Enable a login notice for the management console" is checked. 5. Verify the console login notice text exactly matches the requirement text. 6. Verify the checkbox next to "Enable a login notice for the self-service console" is checked. 7. Verify the self-service console login notice text exactly matches the requirement text. If the console notice wording does not exactly match the VulDescription text, this is a finding.

Fix text

On the BES12, do the following: 1. Log on to the BES12 console and select the "Settings" tab at the top of the screen. 2. Expand the "General" settings tab on the left pane. 3. Select "Login notices" from the menu in the left pane. 4. Click the pencil icon (upper-right corner) to edit the Login notices. 5. Select the checkbox next to "Enable a login notice for the management console". 6. In the "Enable a login notice for the management console" field, type the DoD banner found in the VulDescription. 7. Select the checkbox next to "Enable a login notice for the self-service console". 8. In the "Enable a login notice for the self-service console" field, type the DoD banner found in the VulDescription. 9. Click "Save".

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer