Data-at-Rest encryption (Content Protection) must be enabled on BlackBerry devices. IT Policy rule “Content Protection of Content List” (Security policy group) is set as required.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-19301	WIR1445-02	SV-21218r4_rule	ECSC-1	Low

Description
DoD 8500 policy requires that data-at-rest protection be enabled on all IT devices containing sensitive data in case the device is lost or stolen. This protection normally involves encryption or pin protected access.

STIG	Date
BlackBerry Enterprise Server, Part 3 Security Technical Implementation Guide	2011-04-11

Details

Check Text ( C-23345r4_chk )
Data-at-rest encryption -02 (Manual) ***For this check, set IT Policy rule “Content Protection of Contact List” (Security policy group) to “Required" or "TRUE.” Check Procedures: This is a BES IT Policy check. Recommend that all checks related to BES IT policies be reviewed using the procedure in Check WIR1400-01 (V0003545). ***Verify IT Policy rule “Content Protection of Content List” (Security policy group) is set as required. Note: The previous name for this rule was "Force Include Address Book in Content Protection."

Check Text ( C-23345r4_chk )

Data-at-rest encryption -02 (Manual)

*****For this check, set IT Policy rule “Content Protection of Contact List” (Security policy group) to “Required" or "TRUE.”

Check Procedures:

This is a BES IT Policy check. Recommend that all checks related to BES IT policies be reviewed using the procedure in Check WIR1400-01 (V0003545).

*****Verify IT Policy rule “Content Protection of Content List” (Security policy group) is set as required.

Note: The previous name for this rule was "Force Include Address Book in Content Protection."

Fix Text (F-23386r1_fix)
Configure the IT Policy rule as specified in the "Checks" block.