Check: BBDS-00-000115
Policy SRG:
BBDS-00-000115
(in version v1 r1)
Title
BlackBerry accounts must not be assigned to the default IT policy on the BlackBerry Device Service server or any other non-STIG compliant IT policy. (Cat I impact)
Discussion
The BlackBerry default policy on the BDS server does not include many DoD required security policies for data encryption, authentication, and access control. DoD enclaves are at risk of data exposure and hacker attack if users are assigned the default (or other non-STIG compliant) IT policy.
Check Content
Detailed Policy Requirements: 1. Separate STIG compliant IT policies will be set up on the BDS server: one for users that have been issued an approved Bluetooth headset/hands free device and one for users that have not been issued an approved Bluetooth headset/hands free device. 2. All user accounts will be assigned to a STIG compliant IT policy. Check Procedures: Interview the BlackBerry system administrator. Ask the administrator to identify the default IT policy on the BDS (usually labeled "Default" and any other non-STIG compliant IT policies set up on the BDS. View the list of IT policies set up on the BDS as follows: BDS -> BlackBerry solution management -> Policy -> Manage IT Policies Verify no users are assigned the default IT Policy or any other non-STIG IT policy by performing the following steps for each policy. For the default IT policy and other non-STIG IT policies, look at each IT policy listed under "Manage IT policies" to be checked. - Click on the policy name. - Click on "View Users with reconciled IT Policy." - A list of all users assigned to the selected IT policy will be shown. - Determine if any user has been assigned to the default IT Policy or any other non-STIG IT policy. If yes, this is a finding.
Fix Text
User accounts will only be assigned a STIG compliant IT policy.
Additional Identifiers
Rule ID:
Vulnerability ID: BBDS-00-000115
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000370 |
The organization employs automated mechanisms to centrally manage configuration settings for organization-defined information system components. |
Controls
Number | Title |
---|---|
CM-6 (1) |
Automated Central Management / Application / Verification |