Title

BlackBerry Web Desktop Manager must be configured to disable a users capability to perform a user-initiated backup or restore. (Cat III impact)

Discussion

The overall security posture of the BlackBerry system is dependent on strict configuration management controls, including ensuring only authorized BlackBerry devices are being used and authorized devices are provisioned as required. When these configurations are not set as required, users may have the capability to activate unauthorized BlackBerry devices.

Check Content

Review the BlackBerry Device Service server policy configuration to determine whether a user initiated backup or restore of the Work Space of a managed mobile device has been disabled. If there are multiple policies, they must all be reviewed. Otherwise, this is a finding.

Fix Text

Configure the centrally managed BlackBerry Device Service server policy rule to disallow a user initiated backup or restore of the Work Space of a managed mobile device. For BlackBerry Balance (Corporate and Regulated) devices, log into BlackBerry Administration Service, and under "BlackBerry solution management" on the left side of the screen, navigate to "Policy > Manage IT policies > <Policy Name> > View complete IT Policy > Security" and verify "Backup and Restore Work Space" is set to "Disallow". For Work Space only devices, log into BlackBerry Administration Service, and under "BlackBerry solution management" on the left side of the screen, navigate to "Policy > Manage IT policies > <Policy Name> > View complete IT Policy > Security" and verify "Backup and Restore Device" is set to "Disallow".

Additional Identifiers

Rule ID:

Vulnerability ID: V-48579

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.