BlackBerry 10 OS must enable a system administrator to select which data fields will be available to applications outside of the contact database application.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-38323	BB10-00-000430	SV-50123r2_rule		Low

Description
The contact database often contains a significant amount of information beyond each person's name and phone number. The records may contain addresses and other identifying or sensitive information that should not be revealed. There may be cases in which an organization has determined that it is an acceptable risk to distribute parts of a person's contact record but not others. Enabling the system administrator to select which fields are available outside the contact database application assists with management of the risk.

Description

The contact database often contains a significant amount of information beyond each person's name and phone number. The records may contain addresses and other identifying or sensitive information that should not be revealed. There may be cases in which an organization has determined that it is an acceptable risk to distribute parts of a person's contact record but not others. Enabling the system administrator to select which fields are available outside the contact database application assists with management of the risk.

STIG	Date
BlackBerry 10 OS Security Technical Implementation Guide	2014-08-27

Details

Check Text ( C-45875r3_chk )
On BlackBerry Device Service: Ensure "Personal Apps Access to Work Contacts" IT Policy rule is set to "Only RIM Apps". Otherwise, this is a finding.

Fix Text (F-43266r3_fix)
On BlackBerry Device Service, set "Personal Apps Access to Work Contacts" IT Policy rule to "Only RIM Apps". NOTE: This fix procedure affects both Personal and Work Spaces.