BES IT Policy rule must be configured as required. IT Policy rule “Content Protection Usage” (Security policy group) must be set as required.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-25878	WIR1445-04	SV-32233r4_rule	ECSC-1	Medium

Description
DoD 8500 policy requires data-at-rest protection be enabled on all IT devices containing sensitive data in case the device is lost or stolen. This protection normally involves password or pin protected access.

STIG	Date
BlackBerry Enterprise Server (version 5.x), Part 3 Security Technical Implementation Guide	2015-07-02

Details

Check Text ( C-32699r4_chk )
For this check, set IT Policy rule "Content Protection Usage" (Security policy group) to "Allowed". Check Procedures: This is a BES IT Policy check. Recommend all checks related to BES IT policies be reviewed using the procedure in Check WIR1400-01 (V0003545). *****Verify IT Policy rule "Content Protection Usage" (Security policy group) is set as required. If not set as required, this is a finding.

Check Text ( C-32699r4_chk )

For this check, set IT Policy rule "Content Protection Usage" (Security policy group) to "Allowed".

Check Procedures:

This is a BES IT Policy check. Recommend all checks related to BES IT policies be reviewed using the procedure in Check WIR1400-01 (V0003545).

*****Verify IT Policy rule "Content Protection Usage" (Security policy group) is set as required.

If not set as required, this is a finding.

Fix Text (F-23386r4_fix)
Configure the IT Policy rule as specified in the "Checks" block.