BlackBerry devices must be protected by authenticated login procedures to unlock the device. Either CAC or Password authentication is required. IT Policy rule “Password Required” (Device Only policy group) must be set to “Yes” or “True”.

From BlackBerry Enterprise Server (version 5.x), Part 3 Security Technical Implementation Guide

Part of Authenticated login procedures -01

Associated with IA controls: ECSC-1

SV-3545r4_rule BlackBerry devices must be protected by authenticated login procedures to unlock the device. Either CAC or Password authentication is required. IT Policy rule “Password Required” (Device Only policy group) must be set to “Yes” or “True”.

Vulnerability discussion

Authenticated device unlock is a key security control for the BlackBerry system to restrict access to DoD data by unauthorized individuals.

Check content

This is a BES IT Policy check. It is recommended that all checks related to BES IT policies be reviewed using the following procedure.

1. Make a list of all IT Policies that have been assigned to BlackBerry user accounts. The list of IT Policies set up on the BES can be viewed as follows (do not list the default IT Policy). Use Method #1 or Method #2 below:

Method #1
BAS >> BlackBerry solution management box >> Policy >> Manage IT policies. Look at each IT policy listed under Manage IT policies to be checked.
-Click on the policy name.
-Click on "View users with IT policy."
-Click Search. A list of all users assigned to the policy will be shown.
For each policy that has users assigned to it, complete steps.

Method #2
-Launch and log into the BlackBerry Monitoring Service.
-On the monitoring menu, expand Reporting.
-Click "Create custom report".
-Select the following fields for the report:
**Select report type: User.
**Report title: IT Policies on BES.
**Select the following columns: "IT policy name" and "User name."
**Sort by "IT policy name".
**Report format: PDF recommended.
**Generate report.

2. Check each "Required" IT Policy rule listed in Table 1, BlackBerry STIG Configuration Tables. (There are approximately 125 rules with required configuration settings.) Note all IT policy rules that have not been set correctly and the name of the IT policy currently being reviewed. The name of each IT policy that has an IT policy rule not set correctly should be noted in VMS. Note: Table 1 shows which Check STIG ID # should be marked as a finding for each IT policy rule not set correctly.

3. Repeat step 2 for each IT Policy that has users assigned to it.

4. In VMS, for each check with a finding, list the IT Policies that were found to be noncompliant.

***** For this check, verify IT Policy rule “Password Required” (Device Only policy group) is set as required. If not set as required, this is a finding.
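One way to tally this check once the data from steps 1 and 2 has been collected, as an added example that is not part of the STIG or of any BlackBerry tooling. It assumes the user/policy report has been transcribed to CSV with the two columns named above, that the reviewer recorded each policy's rule values by hand, and that the default IT policy is named "Default"; all sample data is constructed.

```python
import csv
import io

RULE = "Password Required"      # rule name taken from the check text
COMPLIANT = {"yes", "true"}     # the rule must be set to "Yes" or "True"
DEFAULT_POLICY = "Default"      # assumption: name of the default IT policy

# Constructed sample: report columns "IT policy name" and "User name" as CSV.
ASSIGNMENTS_CSV = """IT policy name,User name
Default,svc-test
Field Users,alice
Field Users,bob
Executives,carol
Contractors,dave
"""

# Constructed sample: rule values recorded by the reviewer for each IT policy.
POLICY_RULES = {
    "Default": {RULE: "No"},
    "Field Users": {RULE: "Yes"},
    "Executives": {RULE: "No"},
    "Lab Devices": {RULE: "No"},  # no users assigned, so not reviewed
    "Contractors": {},            # rule value was never recorded
}

def policies_in_scope(assignments_csv):
    """Step 1: map each non-default IT policy to the users assigned to it."""
    users = {}
    for row in csv.DictReader(io.StringIO(assignments_csv)):
        name = row["IT policy name"].strip()
        user = row["User name"].strip()
        if name and user and name != DEFAULT_POLICY:
            users.setdefault(name, []).append(user)
    return users

def findings(assignments_csv, policy_rules):
    """Steps 2-4: in-scope policies where the rule is not set as required."""
    result = []
    for name, users in sorted(policies_in_scope(assignments_csv).items()):
        value = policy_rules.get(name, {}).get(RULE)
        # A missing value is reported too, so an unreviewed policy cannot pass.
        if value is None or value.strip().lower() not in COMPLIANT:
            result.append({"policy": name, "value": value, "users": len(users)})
    return result

if __name__ == "__main__":
    for f in findings(ASSIGNMENTS_CSV, POLICY_RULES):
        print(f"FINDING {RULE!r}: policy={f['policy']!r} "
              f"value={f['value']!r} users={f['users']}")
```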

Fix text

Configure the IT Policy rule as specified in the "Checks" block.
