Each Application White List software configuration assigned to each user account must be configured with top-level default “disallow” for all applications. Applications must be specifically allowed at a lower level.

From BlackBerry Enterprise Server (version 5.x), Part 2 Security Technical Implementation Guide

Part of Set default Disallow on Application White List

SV-25372r3_rule Each Application White List software configuration assigned to each user account must be configured with top-level default “disallow” for all applications. Applications must be specifically allowed at a lower level.

Vulnerability discussion

The primary BlackBerry malware control is to set up an Application White List where the use of all applications is denied unless an application is expressly allowed. Otherwise, malware could be installed on the BlackBerry.

Check content

Verify for each Application White List software configuration identified in check WIR1310-01 that a "Deny All" policy has been assigned to the software configuration. (This configuration stops the execution of any application not specifically allowed.)

- BAS >> BlackBerry solution management >> Software >> Manage software configurations
- For each software configuration listed (all Application White List software configurations will be in this list), click on the software configuration and verify "Disposition for unlisted applications" is set to "Disallowed" and disposition for "Application control policy for unlisted applications" is set to "Standard Unlisted Disallowed".

Note: If the site has followed the procedures for setting up an Application White List found in Section 3.2.5.2 of the BlackBerry STIG Overview, the "Deny All" Application Control Policy will have the following title: "Disallowed Application". (The title of the Application Control Policy is not important; verify the policy is configured as required.)

If any Application Control Policy is not configured as required, this is a finding.

Fix text

Each Application White List software configuration assigned to each user account must be configured with top-level default “disallow” for all applications.
