An error occurred:

Check: BBDS-00-000340

Policy SRG: BBDS-00-000340 (in version v1 r1)

Title

The BlackBerry Device Service server must detect and report the version of the operating system, device drivers, and application software for managed mobile devices. (Cat I impact)

Discussion

Organizations are required to identify information systems containing software affected by recently announced software flaws (and potential vulnerabilities resulting from those flaws) and report this information to designated organizational officials with information security responsibilities (e.g., senior information security officers, information system security managers, information systems security officers). To support this requirement, an automated process or mechanism is required. This mechanism also ensures the network configuration is known for risk mitigation when known issues are found with certain versions of the operating system or applications.

Check Content

Review the BlackBerry Device Service (BDS) Server configuration to ensure the it detects and reports the version of the operating system, device drivers, and application software for managed mobile devices. If this function is not configured, this is a finding. The BlackBerry Device Service administrator is able to view the version of operating system and software configuration on the mobile devices using the "Managing Users" option in the BlackBerry Administration Service. To identify the operating system and application versions on the device: 1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand User. 2. Click Manage users. 3. Once the table of users appears, scroll down to the desired user, or use the search criteria to search for the desired user. 4. Scroll across the table to the column titled "Software version." To identify application software versions on the device: 1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand User. 2. Click Manage users. 3. Once the table of users appears, scroll down to the desired user, and select the user you want to see details for. 4. In the "Associated device properties" window, select the PIN for the appropriate device. 5. The Device software, Hardware, and other properties will be displayed in the corresponding windows. 6. From the Menu bar, select "Applications." 8. Optional and mandatory applications will be displayed with the current versions in the appropriate window for each category.

Fix Text

Configure the BlackBerry Device Service server to detect and report the version of the operating system, device drivers, and application software for managed mobile devices.

Additional Identifiers

Rule ID:

Vulnerability ID: BBDS-00-000340

Group Title:

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-001233

The organization employs automated mechanisms on an organization-defined frequency to determine the state of information system components with regard to flaw remediation.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
SI-2(2)

Automated Flaw Remediation Status