Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-47229 | BB10-2X-000430 | SV-60101r2_rule | Low |
Description |
---|
The contact database often contains a significant amount of information beyond each person's name and phone number. The records may contain addresses and other identifying or sensitive information that should not be revealed. There may be cases in which an organization has determined it is an acceptable risk to distribute parts of a person's contact record but not others. Enabling the system administrator to select which fields are available outside the contact database application (or to applications outside the work persona in the case of a dual persona device) assists with management of the risk. |
STIG | Date |
---|---|
BlackBerry 10.2.x OS Security Technical Implementation Guide | 2015-07-02 |
Check Text ( C-50055r2_chk ) |
---|
On BlackBerry Device Service: Ensure the IT Policy rule "Personal Apps Access to Work Contacts" is set to "Only BlackBerry Apps". Otherwise, this is a finding. |
Fix Text (F-50933r2_fix) |
---|
On BlackBerry Device Service, set the IT Policy rule "Personal Apps Access to Work Contacts" to "Only BlackBerry Apps". NOTE: This fix procedure affects both Personal and Work Spaces. |