Check: BS12-3X-003900
BlackBerry BES 12-5-x STIG: BS12-3X-003900 (in version v1 r3)
Title
The BES12 server must be configured to enable all required audit events: a. Failure to push a new application on a managed mobile device; b. Failure to update an existing application on a managed mobile device. (Cat II impact)
Discussion
Failure to generate these audit records makes it more difficult to identify or investigate attempted or successful compromises, potentially causing incidents to last longer than necessary.

SFR ID: FAU_GEN.1.1(2) Refinement
Check Content
Review the BES12 server configuration settings to determine if the BES12 server is configured to enable all required audit events:
a. Failure to push a new application on a managed mobile device;
b. Failure to update an existing application on a managed mobile device.

Note: If an organization has multiple configuration profiles, the check procedure must be performed on the relevant configuration profiles applicable to the scope of the review.

On the BES12, do the following:
1. Log on to the BES12 console and select the "Policies and Profiles" tab at the top of the screen.
2. Expand the "IT policies" tab on the left pane.
3. Select and open each IT policy assigned to users in turn.
4. After opening the policy, select the "Settings" and "BlackBerry" tabs.
5. Scroll down to the "Security and Privacy" group of IT policy rules.
6. Verify "Event logging" is selected.
7. Verify "Error event logging" is selected.

If the BES IT policy rules "Event logging" and "Error event logging" are not selected, this is a finding.
Fix Text
On the BES12, do the following:
1. Log on to the BES12 console and select the "Policies and Profiles" tab at the top of the screen.
2. Expand the "IT policies" tab on the left pane.
3. Select and open each IT policy assigned to users in turn.
4. After opening the policy, select the "Settings" and "BlackBerry" tabs.
5. Scroll down to the "Security and Privacy" group of IT policy rules.
6. Select the checkbox next to the IT Policy "Event logging".
7. Select the checkbox next to the IT Policy "Error event logging".
8. Click "Save".
Additional Identifiers
Rule ID: SV-83179r2_rule
Vulnerability ID: V-68689
Group Title:
CCIs
Number | Definition |
---|---|
CCI-000129 | The organization defines in the auditable events that the information system must be capable of auditing based on a risk assessment and mission/business needs. |
CCI-000169 | The information system provides audit record generation capability for the auditable events defined in AU-2 a. at organization-defined information system components. |
CCI-000366 | The organization implements the security configuration settings. |
CCI-001571 | The organization defines the information system auditable events. |