The BlackBerry MDM Agent must be configured to generate an audit record of required events: (See Vulnerability Discussion for list). This requirement only applies to Work space only and Work and personal - Regulated activation types.

From BlackBerry OS 10.3.x Security Technical Implementation Guide

Part of PP-MDM-203001

Associated with: CCI-000366

SV-80221r1_rule The BlackBerry MDM Agent must be configured to generate an audit record of required events: (See Vulnerability Discussion for list). This requirement only applies to Work space only and Work and personal - Regulated activation types.

Vulnerability discussion

Audit logs enable monitoring of security-relevant events and subsequent forensics when breaches occur. They help identify attacks, so that breaches can either be prevented or limited in their scope. They facilitate analysis to improve performance and security.Required audit events:a. Start-up and shutdown of the audit functions;b. Change in MDM policy;c. Device modification commanded by the MDM server;d. Specifically defined auditable events in Table 7 of MDM Agent EP v.2.0.SFR ID: FAU_GEN.1.1(2) Refinement, MDM Agent EP

Check content

Review BlackBerry OS 10.3 configuration settings to determine if the BlackBerry is configured to generate an audit record of required events for Start-up and shutdown of the audit functions, Change in MDM policy, Device modification commanded by the MDM server, and Specifically defined auditable events in Table 7 of MDM Agent EP v.2.0. This procedure is performed on only on the BES console. Note: If an organization has multiple configuration profiles, then the check procedure must be performed on the relevant configuration profiles applicable to the scope of the review. On the BES 12, do the following: 1. Log into the BES 12 console and select the "POLICIES AND PROFILES” tab at the top of the screen. 2. Expand the “IT policies” tab on the left pane. 3. Select and open each IT policy assigned to users in turn. 4. After opening the policy, select the “Settings” and “BlackBerry” tabs. 5. Scroll down to the “Security and Privacy” group of IT policy rules. 6. Verify "Event logging" is selected. If the BES IT policy rule "Event logging" is not selected, this is a finding. Note: Procedures above are for BES 12 only, and is not available on BES 10.

Fix text

On the BES 12, do the following: 1. Log into the BES 12 console and select the "POLICIES AND PROFILES” tab at the top of the screen. 2. Expand the “IT policies” tab on the left pane. 3. Select and open each IT policy assigned to users in turn. 4. After opening the policy, select the “Settings” and “BlackBerry” tabs. 5. Click the pencil icon (upper right corner) to edit the IT Policy. 6. Scroll down to the “Security and Privacy” group of IT policy rules. 7. Select the check box next to the IT Policy "Event logging". 8. Click "Save". Note: Procedures above are for BES 12 only, and is not available on BES 10.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer