Check: BBDS-00-000105
Policy SRG:
BBDS-00-000105
(in version v1 r1)
Title
The BlackBerry Device Service server must deploy operating system and application updates via over-the-air (OTA) provisioning for managed mobile devices. (Cat II impact)
Discussion
Without the MDM ability to deploy operating systems and application updates over the air, it is possible for the mobile devices under the MDM's control to be susceptible to a zero day attack. The ability to apply updates OTA allows for rapid response to patching.
Check Content
The BlackBerry Device Service server has the capability to deploy mobile operation system and application updates via an over-the-air (OTA) session. Specific versions of applications can be sent to the device, or applications can be updated. OS updates are made available to the user for download. The user is notified when new updates are available. Create a software configuration: 1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Software. 2. Click Create a software configuration. 3. In the Configuration information section, in the Name field, type a name for the software configuration. 4. Click Save. Add an app to a software configuration: You must add an app to a software configuration to send the app to BlackBerry devices. If you want to upgrade an app, you must add the new version of the app to the appropriate software configuration. 1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Software. 2. Click Manage software configurations. 3. Click the software configuration that you want to add an app to. 4. Click Edit software configuration. 5. On the Applications tab, click Add applications to software configuration. 6. Search for the app that you want to add to the software configuration. 7. In the search results, select an app that you want to add to the software configuration. 8. For apps in the applications repository, in the Disposition drop-down list for the app, perform one of the following actions: * To install the app automatically on devices, and to prevent users from removing the app, select Required. * To permit users to install and remove the app, and to add the app to the Work tab in the BlackBerry World storefront, select Optional. 9. Repeat steps 6 to 8 for each app that you want to add to the software configuration. 10. Click Add to software configuration. 11. Click Save all. See the "Managing app availability on devices" section of the BlackBerry Enterprise Service 10 BlackBerry Device Service Version: 6.2 Administration Guide for further details and other available options. If the BlackBerry Device Service server cannot be configured to send MOS and MAP updates OTA, this is a finding.
Fix Text
Configure the BlackBerry Device Service server to deploy MOS and MAP updates via an OTA session.
Additional Identifiers
Rule ID:
Vulnerability ID: BBDS-00-000105
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000345 |
The organization enforces logical access restrictions associated with changes to the information system. |
Controls
Number | Title |
---|---|
CM-5 |
Access Restrictions For Change |