Check: WIR1445-01
BlackBerry Enterprise Server, Part 3:
WIR1445-01
(in versions v2 r10 through v2 r8)
Title
Data-at-Rest encryption (Content Protection) must be enabled on BlackBerry devices. IT Policy rule Content Protection Strength (Security policy group) must be set as required. (Cat II impact)
Discussion
DoD 8500 policy requires data-at-rest protection be enabled on all IT devices containing sensitive data in case the device is lost or stolen. This protection normally involves password or pin protected access.
Check Content
*****For this check, set IT Policy rule "Content Protection Strength" (Security policy group) to "Stronger or Strongest". Data-at-Rest encryption (Content Protection) must be enabled on BlackBerry devices. Note: When Content Protection is enabled in BES 4.1.4 and earlier and BlackBerry handheld software version before 4.5, the BES system administrator cannot remotely unlock a BlackBerry device and remotely reset the device password. Check Procedures: This is a BES IT Policy check. Recommend all checks related to BES IT policies be reviewed using the procedure in Check WIR1400-01 (V0003545). *****Verify IT Policy rule "Content Protection Strength" (Security policy group) is set as required. This check can also be verified on a sample of site BlackBerrys (3-4 devices) but the preferred procedure is to verify on the BES. Use the following procedure on BlackBerry devices: Settings >> Options >> Security Options >> General Settings >> Content Protection Verify Content Protection is set to Enabled. Verify the setting cannot be changed. If not set as required, this is a finding.
Fix Text
Configure the IT Policy rule as specified in the "Checks" block.
Additional Identifiers
Rule ID: SV-12718r4_rule
Vulnerability ID: V-12164
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |