UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

CylancePROTECT Mobile must be configured with the following compliance actions when a hardware attestation certificate failure occurs (Android only): -Minimum security level required: "Trusted Environment" or "StrongBox" -Prompt behavior: "Immediate enforcement action". -Enforcement action for BlackBerry Dynamics apps: "Do not allow BlackBerry Dynamics apps to run".


Overview

Finding ID Version Rule ID IA Controls Severity
V-257270 BBCP-00-013600 SV-257270r918394_rule Medium
Description
When a compliance failure is detected, compliance actions must be implemented immediately to limit exposure of sensitive data and unauthorized access to the mobile device.
STIG Date
BlackBerry CylancePROTECT Mobile for UEM Security Technical Implementation Guide 2023-06-22

Details

Check Text ( C-60954r918392_chk )
Verify the following compliance actions are enabled when a hardware attestation certificate failure occurs (Android only):
-Minimum security level required: "Trusted Environment" or "StrongBox".
-Prompt behavior: "Immediate enforcement action".
-Enforcement action for BlackBerry Dynamics apps: "Do not allow BlackBerry Dynamics apps to run".

1. Log on to the BlackBerry UEM console.
2. In the management console on the menu bar, click Policies and profiles >> Compliance >> Compliance.
3. Select the appropriate compliance profile (have the site system admin identify the profile).
4. On the Android tab in the BlackBerry Protect section, verify "Hardware attestation security level" has been selected.
5. In the "Minimum security level required" drop-down list, verify either "Trusted Environment" or "StrongBox" is selected.
6. In the "Prompt behavior" drop-down list, verify "Immediate enforcement action" is selected.
7. In the "Enforcement action for BlackBerry Dynamics apps" drop-down list, verify "Do not allow BlackBerry Dynamics apps to run" is selected.

If required compliance actions are not enabled when a hardware attestation certificate failure occurs, this is a finding.
Fix Text (F-60896r918393_fix)
Configure the following compliance actions when a hardware attestation certificate failure occurs (Android only):
-Minimum security level required: "Trusted Environment" or "StrongBox".
-Prompt behavior: "Immediate enforcement action".
-Enforcement action for BlackBerry Dynamics apps: "Do not allow BlackBerry Dynamics apps to run".

1. Log on to the BlackBerry UEM console.
2. In the management console on the menu bar, click Policies and profiles >> Compliance >> Compliance.
3. Create a new compliance profile or select and edit an existing compliance profile.
4. On the Android tab in the BlackBerry Protect section, select the "Hardware attestation security level" check box.
5. In the "Minimum security level required" drop-down list, select either "Trusted Environment" or "StrongBox".
6. In the "Prompt behavior" drop-down list, select "Immediate enforcement action".
7. In the "Enforcement action for BlackBerry Dynamics apps" drop-down list, select "Do not allow BlackBerry Dynamics apps to run".
8. Click "Add" or "Save".
9. Assign the profile to users and groups.