An Application White List software configuration must be assigned to all BES user accounts.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-16341 | WIR1310-01 | SV-17334r3_rule | High |
| Description |
|---|
| The primary BlackBerry malware control is to set up one or more Application White List software configurations on the BES. Every user and group account must be assigned at least one Application White List software configuration. In an Application White List, the use of all non-core applications is denied unless an application is expressly allowed. |
| STIG | Date |
|---|---|
| BlackBerry Enterprise Server (version 5.x), Part 2 Security Technical Implementation Guide | 2016-09-08 |
Details
| Check Text ( C-14175r3_chk ) |
|---|
| Check the BES to see if an Application White List software configuration has been assigned to each BES user account. Note: Section 3.2.5.2 of the BlackBerry STIG Overview has instructions for setting up an Application White List software configuration and assigning it to a user or a group account. For BES 5.0: -BAS >> BlackBerry solution management >> User >> Manage users -Select at least 20 user accounts from different offices or sites on the BES at random and complete the following: **Click on the user account name. **Click on the "Software configuration" tab. **Note the name of the software configuration assigned to the user (this will be the assigned "Application White List"). The name should be in a similar format to the following: "DISA Application White List 1". If any user account has not been assigned an Application White List software configuration, this is a finding. Note: The required configuration of the Application White List will be verified in checks WIR1310-02 and WIR1310-03. |
| Fix Text (F-23364r1_fix) |
|---|
| An application White List software configuration must be assigned to all BES user accounts. |