Wireless email device users must not install or remove applications and/or software on their handheld device unless under the direction and supervision of an authorized system administrator. IT Policy rule “Show Application Loader” (Desktop-Only policy group) must be is set as required.

From BlackBerry Enterprise Server (version 5.x), Part 3 Security Technical Implementation Guide

Part of BlackBerry users install/remove apps -01

Associated with IA controls: ECSC-1

SV-15096r4_rule Wireless email device users must not install or remove applications and/or software on their handheld device unless under the direction and supervision of an authorized system administrator. IT Policy rule “Show Application Loader” (Desktop-Only policy group) must be is set as required.

Vulnerability discussion

The wireless email server can be configured to prevent users from installing or removing applications. These configuration settings must be set at the enterprise level to prevent users from downloading, using desktop software, unauthorized software, or harmful code.

Check content

Detailed Policy Requirements: ***** For this check, set IT Policy rule "Show Application Loader" (Desktop-Only policy group) to "No". Check Procedures: This is a BES IT Policy check. Recommend all checks related to BES IT policies be reviewed using the procedure in Check WIR1400-01 (V0003545). *****Verify IT Policy rule "Show Application Loader" (Desktop-Only policy group) is set as required. If not set as required, this is a finding.

Fix text

Configure the IT Policy rule as specified in the "Checks" block.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.