UCF STIG Viewer Logo

The BES12 server must be configured to enable all required audit events: a. Failure to push a new application on a managed mobile device; b. Failure to update an existing application on a managed mobile device.


Overview

Finding ID Version Rule ID IA Controls Severity
V-68689 BS12-3X-003900 SV-83179r2_rule Medium
Description
Failure to generate these audit records makes it more difficult to identify or investigate attempted or successful compromises, potentially causing incidents to last longer than necessary. SFR ID: FAU_GEN.1.1(2) Refinement
STIG Date
BlackBerry BES 12.5.x MDM Security Technical Implementation Guide 2017-06-05

Details

Check Text ( C-69193r1_chk )
Review the BES12 server configuration settings to determine if the BES12 server is configured to enable all required audit events:
a. Failure to push a new application on a managed mobile device;
b. Failure to update an existing application on a managed mobile device.

Note: If an organization has multiple configuration profiles, the check procedure must be performed on the relevant configuration profiles applicable to the scope of the review.

On the BES12, do the following:
1. Log on to the BES12 console and select the "Policies and Profiles" tab at the top of the screen.
2. Expand the "IT policies" tab on the left pane.
3. Select and open each IT policy assigned to users in turn.
4. After opening the policy, select the "Settings" and "BlackBerry" tabs.
5. Scroll down to the "Security and Privacy" group of IT policy rules.
6. Verify "Event logging" is selected.
7. Verify "Error event logging" is selected.

If the BES IT policy rules "Event logging" and "Error event logging" are not selected, this is a finding.
Fix Text (F-74811r1_fix)
On the BES12, do the following:
1. Log on to the BES12 console and select the "Policies and Profiles" tab at the top of the screen.
2. Expand the "IT policies" tab on the left pane.
3. Select and open each IT policy assigned to users in turn.
4. After opening the policy, select the "Settings" and "BlackBerry" tabs.
5. Scroll down to the "Security and Privacy" group of IT policy rules.
6. Select the checkbox next to the IT Policy "Event logging".
7. Select the checkbox next to the IT Policy "Error event logging".
8. Click "Save".