From BlackBerry Enterprise Server (version 5.x), Part 3 Security Technical Implementation Guide
Part of Data-at-Rest encryption -01
Associated with IA controls: ECSC-1
DoD 8500 policy requires data-at-rest protection be enabled on all IT devices containing sensitive data in case the device is lost or stolen. This protection normally involves password or pin protected access.
*****For this check, set IT Policy rule "Content Protection Strength" (Security policy group) to "Stronger or Strongest". Data-at-Rest encryption (Content Protection) must be enabled on BlackBerry devices. Note: When Content Protection is enabled in BES 4.1.4 and earlier and BlackBerry handheld software version before 4.5, the BES system administrator cannot remotely unlock a BlackBerry device and remotely reset the device password. Check Procedures: This is a BES IT Policy check. Recommend all checks related to BES IT policies be reviewed using the procedure in Check WIR1400-01 (V0003545). *****Verify IT Policy rule "Content Protection Strength" (Security policy group) is set as required. This check can also be verified on a sample of site BlackBerrys (3-4 devices) but the preferred procedure is to verify on the BES. Use the following procedure on BlackBerry devices: Settings >> Options >> Security Options >> General Settings >> Content Protection Verify Content Protection is set to Enabled. Verify the setting cannot be changed. If not set as required, this is a finding.
Configure the IT Policy rule as specified in the "Checks" block.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer