Check: WIR1400-01
BlackBerry Enterprise Server, Part 3:
WIR1400-01
(in versions v2 r10 through v2 r8)
Title
BlackBerry devices must be protected by authenticated login procedures to unlock the device. Either CAC or Password authentication is required. IT Policy rule “Password Required” (Device Only policy group) must be set to “Yes” or “True”. (Cat I impact)
Discussion
Authenticated device unlock is a key security control for the BlackBerry system to restrict access to DoD data by unauthorized individuals.
Check Content
This is a BES IT Policy check. Recommend all checks related to BES IT policies be reviewed using the following procedure. 1. Make a list of all IT Policies that have been assigned to BlackBerry user accounts. The list of IT Policies set up on the BES can be viewed as follows (do not list the default IT Policy) (Use Method #1 or Method #2 below): Method #1 BAS >> BlackBerry solution management box >> Policy >> Manage IT policies. Look at each IT policy listed under Manage IT policies to be checked. -Click on the policy name. -Click on "View users with IT policy." -Click Search. A list of all users assigned to the policy will be shown. For each policy that has users assigned to it, complete steps. Method #2 -Launch and log into the BlackBerry Monitoring Service. -On the monitoring menu, expand Reporting. -Click "Create custom report". -Select the following fields for the report: **Select report type: User. **Report title: IT Policies on BES. **Select the following columns: "IT policy name" and "User name." **Sort by "IT policy name". **Report format: PDF recommended. **Generate report. 2. Check each "Required" IT Policy rule listed in Table 1, BlackBerry STIG Configuration Tables. (There are approximately 125 rules with required configuration settings.) Note: All IT policy rules that have not been set correctly and the name of the IT policy currently being reviewed. The name of each IT policy that has an IT policy rule not set correctly should be noted in VMS. Note: Table 1 shows which Check STIG ID # should be marked as a finding for each IT policy rule not set correctly. 3. Repeat step 2 for each IT Policy that has users assigned to it. 4. In VMS, for each check with a finding, list the IT Policies that were found to be noncompliant. ***** For this check, verify IT Policy rule “Password Required” (Device Only policy group) is set as required. If not set as required, this is a finding.
Fix Text
Configure the IT Policy rule as specified in the "Checks" block.
Additional Identifiers
Rule ID: SV-3545r4_rule
Vulnerability ID: V-3545
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |