CylancePROTECT Mobile must be configured with the following compliance action when a compliance event occurs: -Notify Administrator (send event notification).

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-257262	BBCP-00-012800	SV-257262r918370_rule		Medium

Description
When a compliance failure is detected, compliance actions must be implemented immediately to limit exposure of sensitive data and unauthorized access to the mobile device.

STIG	Date
BlackBerry CylancePROTECT Mobile for UEM Security Technical Implementation Guide	2023-06-22

Details

Check Text ( C-60946r918368_chk )
Verify the following compliance action for CylancePROTECT Mobile has been enabled: -Notify Administrator (send event notification). 1. Log on to the BlackBerry UEM console. 2. On the menu bar, click Settings >> General settings. 3. Click "Event notifications". 4. Verify each of the following BlackBerry Protect notifications are listed: "Safe Browsing", "Malicious app removed from UEM", "Malicious app detected on device", and "Sideloaded app detected on app". If all four of the BlackBerry Protect notifications listed above are not enabled, this is a finding.

Check Text ( C-60946r918368_chk )

Verify the following compliance action for CylancePROTECT Mobile has been enabled:
-Notify Administrator (send event notification).

1. Log on to the BlackBerry UEM console.
2. On the menu bar, click Settings >> General settings.
3. Click "Event notifications".
4. Verify each of the following BlackBerry Protect notifications are listed: "Safe Browsing", "Malicious app removed from UEM", "Malicious app detected on device", and "Sideloaded app detected on app".

If all four of the BlackBerry Protect notifications listed above are not enabled, this is a finding.

Fix Text (F-60888r918369_fix)
Enable the following compliance action for CylancePROTECT Mobile: -Notify Administrator (send event notification). 1. Log on to the BlackBerry UEM console. 2. On the menu bar, click Settings >> General settings. 3. Click "Event notifications". a. On the "Event notifications" tab, click "Add". b. Select event type "BlackBerry Protect". c. Click one of the following selections: "Safe Browsing", "Malicious app removed from UEM", "Malicious app detected on device", or "Sideloaded app detected on app". d. Click "Next". 4. In the Date/time to send email notification drop-down list, select one of the following options: a. Always after an event: Email notifications are sent whenever the event occurs. b. Any preconfigured schedule in the list. c. Add new scheduler: Create a schedule and click "Save". 5. In the Recipients field, select one of the following options: a. Add new distribution list: Create a distribution list and click "Save". b. Any preconfigured distribution list. 6. In the email template drop-down list, select the email template to use for the event notification. 7. In the Status drop-down list, select "On" to enable the event notification. 8. Click "Preview email" to see the event notification email and the list of email addresses for the recipients. 9. Click "Save". 10. Repeat steps 3–9 for each of the possible BlackBerry Protect event notifications ("Safe Browsing", "Malicious app removed from UEM", "Malicious app detected on device", "Sideloaded app detected on app").

Fix Text (F-60888r918369_fix)

Enable the following compliance action for CylancePROTECT Mobile:
-Notify Administrator (send event notification).

1. Log on to the BlackBerry UEM console.
2. On the menu bar, click Settings >> General settings.
3. Click "Event notifications".
a. On the "Event notifications" tab, click "Add".
b. Select event type "BlackBerry Protect".
c. Click one of the following selections: "Safe Browsing", "Malicious app removed from UEM", "Malicious app detected on device", or "Sideloaded app detected on app".
d. Click "Next".
4. In the Date/time to send email notification drop-down list, select one of the following options:
a. Always after an event: Email notifications are sent whenever the event occurs.
b. Any preconfigured schedule in the list.
c. Add new scheduler: Create a schedule and click "Save".
5. In the Recipients field, select one of the following options:
a. Add new distribution list: Create a distribution list and click "Save".
b. Any preconfigured distribution list.
6. In the email template drop-down list, select the email template to use for the event notification.
7. In the Status drop-down list, select "On" to enable the event notification.
8. Click "Preview email" to see the event notification email and the list of email addresses for the recipients.
9. Click "Save".
10. Repeat steps 3–9 for each of the possible BlackBerry Protect event notifications ("Safe Browsing", "Malicious app removed from UEM", "Malicious app detected on device", "Sideloaded app detected on app").