UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

An Application White List software configuration must be assigned to all BES user accounts.


Overview

Finding ID Version Rule ID IA Controls Severity
V-16341 WIR1310-01 SV-17334r3_rule High
Description
The primary BlackBerry malware control is to set up one or more Application White List software configurations on the BES. Every user and group account must be assigned at least one Application White List software configuration. In an Application White List, the use of all non-core applications is denied unless an application is expressly allowed.
STIG Date
BlackBerry Enterprise Server (version 5.x), Part 2 Security Technical Implementation Guide 2016-09-08

Details

Check Text ( C-14175r3_chk )
Check the BES to see if an Application White List software configuration has been assigned to each BES user account.

Note: Section 3.2.5.2 of the BlackBerry STIG Overview has instructions for setting up an Application White List software configuration and assigning it to a user or a group account.

For BES 5.0:

-BAS >> BlackBerry solution management >> User >> Manage users
-Select at least 20 user accounts from different offices or sites on the BES at random and complete the following:

**Click on the user account name.
**Click on the "Software configuration" tab.
**Note the name of the software configuration assigned to the user (this will be the assigned "Application White List"). The name should be in a similar format to the following: "DISA Application White List 1".

If any user account has not been assigned an Application White List software configuration, this is a finding.

Note: The required configuration of the Application White List will be verified in checks WIR1310-02 and WIR1310-03.
Fix Text (F-23364r1_fix)
An application White List software configuration must be assigned to all BES user accounts.