Check: WIR1455-01
BlackBerry Enterprise Server, Part 3:
WIR1455-01
(in versions v2 r10 through v2 r5)
Title
All PDAs and smartphones must display the required banner during device unlock/logon. The IT Policy rule “Lock Owner Info” must be set as required. (Cat II impact)
Discussion
DoDI 8500.01 requires all PDAs, BlackBerrys, and smartphones to have a consent banner displayed during logon/device unlock to ensure user understands their responsibilities to safeguard DoD data. Note: DoDI 8500.01 does not include the required banner within the Instruction, but instead points to the RMF Knowledge Service for the required text.
Check Content
Detail Policy Requirements: All PDAs and smartphones must display the following banner during device unlock/logon: A. Use this banner for desktops, laptops, and other devices accommodating banners of 1300 characters. The banner shall be implemented as a click-through banner at logon (to the extent permitted by the operating system), meaning it prevents further activity on the information system unless and until the user executes a positive action to manifest agreement by clicking on a box indicating "OK."] You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only. By using this IS (which includes any device attached to this IS), you consent to the following conditions: -The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations. -At any time, the USG may inspect and seize data stored on this IS. -Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG authorized purpose. -This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy. -Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details. B. For BlackBerrys and other PDAs/PEDs with severe character limitations: I've read & consent to terms in IS user agreem't. Check Procedures: Work with the SA to review the configuration of the PDA security management server or security policy configured on the PDA/smartphone. Review a sample of devices to check that the required banner is being used. Note: Depending on the system, this setting could be set on the management server or on the handheld device. *****Set IT Policy rule “Lock Owner Info“ (Common policy group) to “1 (Lock Information text) or 3 (Lock both Name and Information text)“. Check Procedures: This is a BES IT Policy check. Recommend all checks related to BES IT policies be reviewed using the procedure in Check WIR1400-01 (V0003545 ). *****Verify the IT Policy rule “Lock Owner Info" has been configured as required. Mark as a finding if not set as required.
Fix Text
Configure the IT Policy rule as specified in the "Checks" block.
Additional Identifiers
Rule ID: SV-21155r4_rule
Vulnerability ID: V-19244
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |