Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-19244 | WIR1455-01 | SV-21155r2_rule | EBCR-1 | Medium |
Description |
---|
DoD CIO memo requires all PDAs, BlackBerrys, and smartphones to have a consent banner displayed during logon/device unlock to ensure user understands their responsibilities to safeguard DoD data. |
STIG | Date |
---|---|
BlackBerry Enterprise Server (version 5.x), Part 3 Security Technical Implementation Guide | 2013-03-21 |
Check Text ( C-23268r2_chk ) |
---|
Detail Policy Requirements: All PDAs and smartphones must display the following banner during device unlock/logon: A. Use this banner for desktops, laptops, and other devices accommodating banners of 1300 characters. The banner shall be implemented as a click-through banner at logon (to the extent permitted by the operating system), meaning it prevents further activity on the information system unless and until the user executes a positive action to manifest agreement by clicking on a box indicating "OK."] You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only. By using this IS (which includes any device attached to this IS), you consent to the following conditions: -The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations. -At any time, the USG may inspect and seize data stored on this IS. -Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG authorized purpose. -This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy. -Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details. B. For BlackBerrys and other PDAs/PEDs with severe character limitations: I've read & consent to terms in IS user agreem't. Check Procedures: Work with the SA to review the configuration of the PDA security management server or security policy configured on the PDA/smartphone. Review a sample of devices to check that the required banner is being used. Note: Depending on the system, this setting could be set on the management server or on the handheld device. *****Set IT Policy rule “Lock Owner Info“ (Common policy group) to “1 (Lock Information text) or 3 (Lock both Name and Information text)“. Check Procedures: This is a BES IT Policy check. Recommend all checks related to BES IT policies be reviewed using the procedure in Check WIR1400-01 (V0003545 ). *****Verify the IT Policy rule “Lock Owner Info" has been configured as required. |
Fix Text (F-23386r1_fix) |
---|
Configure the IT Policy rule as specified in the "Checks" block. |