Check: BBCP-00-013800
BlackBerry CylancePROTECT Mobile for UEM STIG:
BBCP-00-013800
(in versions v1 r2 through v1 r1)
Title
CylancePROTECT Mobile must be configured to disable anonymous data collection by BlackBerry for both iOS and Android devices. (Cat II impact)
Discussion
The required application configurations will ensure that the minimum security baseline of the system is maintained to limit exposure of sensitive data and unauthorized access to the mobile device.
Check Content
Verify anonymous data collection by BlackBerry for both iOS and Android devices has been disabled by CylancePROTECT Mobile: 1. Log on to the BlackBerry UEM console. 2. In Policies and profiles >> Protection >> BlackBerry Protect, select a BlackBerry Protect profile. 3. On the iOS tab, in the "Statistics collection" section, verify "Allow collection of anonymized statistics from devices to improve the performance of BlackBerry Protect" check box has not been selected. 4. On the Android tab, in the "Statistics collection" section, verify the "Allow collection of anonymized statistics from devices to improve the performance of BlackBerry Protect" check box has not been selected. If CylancePROTECT Mobile has not disabled anonymous data collection by BlackBerry for both iOS and Android devices, this is a finding.
Fix Text
Disable CylancePROTECT Mobile anonymous data collection by BlackBerry for both iOS and Android devices: 1. Log on to the BlackBerry UEM console. 2. In Policies and profiles >> Protection >> BlackBerry Protect, select and edit a BlackBerry Protect profile. 3. On the iOS tab, in the "Statistics collection" section, clear the "Allow collection of anonymized statistics from devices to improve the performance of BlackBerry Protect" check box. 4. On the Android tab, in the "Statistics collection" section, clear the "Allow collection of anonymized statistics from devices to improve the performance of BlackBerry Protect" check box. 5. Click "Save".
Additional Identifiers
Rule ID: SV-257272r918400_rule
Vulnerability ID: V-257272
Group Title: SRG-APP-000516-AS-000237
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |