Check: BBDS-00-000286
Policy SRG: BBDS-00-000286 (in version v1 r1)
Title
BlackBerry Device Service must be configured to disable a user's capability to perform a user initiated backup or restore of the work persona of a managed mobile device. (Cat III impact)
Discussion
The overall security posture of the BlackBerry system is dependent on strict configuration management controls, including ensuring only authorized BlackBerry devices are being used and authorized devices are provisioned as required. When these configurations are not set as required, users may have the capability to activate unauthorized BlackBerry devices.
Check Content
Review the BlackBerry Device Service server configuration to determine whether there is administrative functionality to disallow a user initiated backup or restore of the work persona of a managed mobile device. If this function is not present, this is a finding.

The "Backup and Restore Work Perimeter Space" rule specifies whether a BlackBerry device user can back up and restore the apps and data that are located in the work space of the device using BlackBerry Link. If this rule is set to Disallow, the option to back up and restore the contents of the work space is disabled.

IT policy rules can be specified per group or per user.

To add an IT policy to a group:
1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Group.
2. Click Manage groups.
3. Click the name of the group.
4. Click Edit group.
5. Click the Policies tab.
6. In the IT policy list, select the IT policy.
7. Click Save all.

To add an IT policy to a user account:
1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand User.
2. Click Manage users.
3. Search for a user account.
4. In the search results, select the check box for the user account.
5. In the Add to user configuration list, click Set IT policy.
6. In the IT policy drop-down list, select the IT policy.
7. Click Save.

For more details and information, please see the "Setting up device controls" section of the BlackBerry Enterprise Service 10 BlackBerry Device Service, Version: 6.2 Administration Guide.
Fix Text
Configure the centrally managed BlackBerry Device Service server security policy rule to disallow a user initiated backup or restore of the work persona of a managed mobile device.
Additional Identifiers
Rule ID:
Vulnerability ID: BBDS-00-000286
Group Title:
CCIs
Number | Definition |
---|---|
CCI-000386 | The organization employs automated mechanisms to prevent program execution on the information system in accordance with the organization-defined specifications. |
Controls
Number | Title |
---|---|
No controls are assigned to this check |