The BES12 server must be configured to enable all required audit events: a. Failure to push a new application on a managed mobile device; b. Failure to update an existing application on a managed mobile device.

From BlackBerry BES 12.5.x MDM Security Technical Implementation Guide

Part of PP-MDM-203106

Associated with: CCI-000129 CCI-000169 CCI-000366 CCI-001571

SV-83179r2_rule The BES12 server must be configured to enable all required audit events: a. Failure to push a new application on a managed mobile device; b. Failure to update an existing application on a managed mobile device.

Vulnerability discussion

Failure to generate these audit records makes it more difficult to identify or investigate attempted or successful compromises, potentially causing incidents to last longer than necessary.

SFR ID: FAU_GEN.1.1(2) Refinement

Check content

Review the BES12 server configuration settings to determine if the BES12 server is configured to enable all required audit events:

a. Failure to push a new application on a managed mobile device;
b. Failure to update an existing application on a managed mobile device.

Note: If an organization has multiple configuration profiles, the check procedure must be performed on the relevant configuration profiles applicable to the scope of the review.

On the BES12, do the following:

1. Log on to the BES12 console and select the "Policies and Profiles" tab at the top of the screen.
2. Expand the "IT policies" tab on the left pane.
3. Select and open each IT policy assigned to users in turn.
4. After opening the policy, select the "Settings" and "BlackBerry" tabs.
5. Scroll down to the "Security and Privacy" group of IT policy rules.
6. Verify "Event logging" is selected.
7. Verify "Error event logging" is selected.

If the BES IT policy rules "Event logging" and "Error event logging" are not selected, this is a finding.

Fix text

On the BES12, do the following:

1. Log on to the BES12 console and select the "Policies and Profiles" tab at the top of the screen.
2. Expand the "IT policies" tab on the left pane.
3. Select and open each IT policy assigned to users in turn.
4. After opening the policy, select the "Settings" and "BlackBerry" tabs.
5. Scroll down to the "Security and Privacy" group of IT policy rules.
6. Select the checkbox next to the IT Policy "Event logging".
7. Select the checkbox next to the IT Policy "Error event logging".
8. Click "Save".
