UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

CylancePROTECT Mobile must be configured with the following compliance actions when sideloaded apps are detected: -Prompt for compliance: Immediate enforcement action. -Prevent the user from accessing work resources and apps on the device while it is out of compliance. -Prevent the user from accessing BlackBerry Dynamics apps while the device is out of compliance.


Overview

Finding ID Version Rule ID IA Controls Severity
V-257263 BBCP-00-012900 SV-257263r918373_rule Medium
Description
When a compliance failure is detected, compliance actions must be implemented immediately to limit exposure of sensitive data and unauthorized access to the mobile device.
STIG Date
BlackBerry CylancePROTECT Mobile for UEM Security Technical Implementation Guide 2023-11-21

Details

Check Text ( C-60947r918371_chk )
Verify the following compliance actions have been enabled when sideloaded apps are detected:
-Prompt for compliance: Immediate enforcement action.
-Prevent the user from accessing work resources and apps on the device while it is out of compliance.
-Prevent the user from accessing BlackBerry Dynamics apps while the device is out of compliance.

1. Log on to the BlackBerry UEM console.
2. In the management console on the menu bar, click Policies and profiles >> Compliance >> Compliance.
3. Find the CylancePROTECT Mobile sideloaded app compliance profile (have the site system administrator identify the correct profile).
4. Select the iOS tab and verify the following selections:
5. In the "Prompt for compliance" drop-down list verify "Immediate enforcement action" is selected.
6. In the "Enforcement action for device" drop-down list, verify "Untrust" is selected.
7. In the "Enforcement action for BlackBerry Dynamics apps" drop-down list, verify "Do not allow BlackBerry Dynamics apps to run" is selected.
8. Repeat steps 4–6 for Android.

If required compliance actions for when sideloaded apps are detected for iOS and Android are not configured, this is a finding.
Fix Text (F-60889r918372_fix)
Configure the following compliance actions when sideloaded apps are detected:
-Prompt for compliance: Immediate enforcement action.
-Prevent the user from accessing work resources and apps on the device while it is out of compliance.
-Prevent the user from accessing BlackBerry Dynamics apps while the device is out of compliance.

1. Log on to the BlackBerry UEM console.
2. In the management console on the menu bar, click Policies and profiles >> Compliance >> Compliance.
3. Create a new compliance profile or select and edit an existing compliance profile.
4. Select the iOS tab to configure sideload detection for that platform.
5. In the BlackBerry Protect section, select the "Sideloaded app is installed" check box.
6. Configure the behavior prompt settings: Prompt for compliance: "Immediate enforcement action".
7. In the "Enforcement action for device" drop-down list, select "Untrust".
8. In the "Enforcement action for BlackBerry Dynamics apps" drop-down list, select "Do not allow BlackBerry Dynamics apps to run".
9. Repeat steps 3–7 for configure compliance actions for Android.
10. Click "Save".
11. Assign the profile to users and groups.