BES IT Policy rule is configured as required. IT Policy rule Application Installation Methods (Security policy group) must be set as required.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-37376	WIR1450-46	SV-49138r2_rule	CODP-1 ECSC-1	Low

Description
Unapproved applications have not been properly vetted and may contain malware. Therefore, applications should only be deployed to BlackBerry devices from BlackBerry Enterprise Servers (BES).

STIG	Date
BlackBerry Enterprise Server (version 5.x), Part 3 Security Technical Implementation Guide	2015-07-02

Details

Check Text ( C-45624r3_chk )
Detailed Policy Requirements: For this check, set IT Policy rule “Application Installation Methods” (Security policy group) to: • Disallow Browser • Disallow Media Card • Disallow USB Check Procedures: This is a BES IT Policy check. Recommend all checks related to BES IT policies be reviewed using the procedure in Check WIR1400-01 (V0003545). *****Verify IT Policy rule “Application Installation Methods” (Wired Software Updates policy group) is set as required.

Check Text ( C-45624r3_chk )

Detailed Policy Requirements:

For this check, set IT Policy rule “Application Installation Methods” (Security policy group) to:

• Disallow Browser
• Disallow Media Card
• Disallow USB

Check Procedures:

This is a BES IT Policy check. Recommend all checks related to BES IT policies be reviewed using the procedure in Check WIR1400-01 (V0003545).

*****Verify IT Policy rule “Application Installation Methods” (Wired Software Updates policy group) is set as required.

Fix Text (F-42301r1_fix)
Configure the IT Policy rule Application Installation Methods as specified in the "Checks" block.