UCF STIG Viewer Logo

All PDAs and smartphones must display the required banner during device unlock/logon. The IT Policy rule “Lock Owner Info” must be set as required.


Overview

Finding ID Version Rule ID IA Controls Severity
V-19244 WIR1455-01 SV-21155r4_rule EBCR-1 Medium
Description
DoDI 8500.01 requires all PDAs, BlackBerrys, and smartphones to have a consent banner displayed during logon/device unlock to ensure user understands their responsibilities to safeguard DoD data. Note: DoDI 8500.01 does not include the required banner within the Instruction, but instead points to the RMF Knowledge Service for the required text.
STIG Date
BlackBerry Enterprise Server (version 5.x), Part 3 Security Technical Implementation Guide 2015-07-02

Details

Check Text ( C-23268r3_chk )
Detail Policy Requirements:

All PDAs and smartphones must display the following banner during device unlock/logon:
A. Use this banner for desktops, laptops, and other devices accommodating banners of
1300 characters. The banner shall be implemented as a click-through banner at logon (to
the extent permitted by the operating system), meaning it prevents further activity on the
information system unless and until the user executes a positive action to manifest
agreement by clicking on a box indicating "OK."]
You are accessing a U.S. Government (USG) Information System (IS) that is provided
for USG-authorized use only.
By using this IS (which includes any device attached to this IS), you consent to the
following conditions:
-The USG routinely intercepts and monitors communications on this IS for purposes
including, but not limited to, penetration testing, COMSEC monitoring, network
operations and defense, personnel misconduct (PM), law enforcement (LE), and
counterintelligence (CI) investigations.
-At any time, the USG may inspect and seize data stored on this IS.
-Communications using, or data stored on, this IS are not private, are subject to routine
monitoring, interception, and search, and may be disclosed or used for any USG authorized
purpose.
-This IS includes security measures (e.g., authentication and access controls) to protect
USG interests--not for your personal benefit or privacy.
-Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI
investigative searching or monitoring of the content of privileged communications, or
work product, related to personal representation or services by attorneys,
psychotherapists, or clergy, and their assistants. Such communications and work product
are private and confidential. See User Agreement for details.

B. For BlackBerrys and other PDAs/PEDs with severe character limitations:
I've read & consent to terms in IS user agreem't.
Check Procedures:
Work with the SA to review the configuration of the PDA security management server or security
policy configured on the PDA/smartphone.
Review a sample of devices to check that the required banner is being used.
Note: Depending on the system, this setting could be set on the management server or on the handheld device.

*****Set IT Policy rule “Lock Owner Info“ (Common policy group) to “1 (Lock Information text) or 3 (Lock both Name and Information text)“.

Check Procedures:

This is a BES IT Policy check. Recommend all checks related to BES IT policies be reviewed using the procedure in Check WIR1400-01 (V0003545 ).

*****Verify the IT Policy rule “Lock Owner Info" has been configured as required.

Mark as a finding if not set as required.
Fix Text (F-23386r4_fix)
Configure the IT Policy rule as specified in the "Checks" block.