UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

An Application Control Policy must be assigned to each application listed in any Application White List software configuration assigned to user accounts on the BES. Note: This check applies to BES 4.1.x only. On BES 5, an application control policy is automatically assigned when an application is selected for a software configuration.


Overview

Finding ID Version Rule ID IA Controls Severity
V-19203 WIR1310-03 SV-21092r2_rule Medium
Description
Applications must only have access to BlackBerry resources (e.g., microphone, address book, browser, email messages, etc.) they need for their function; otherwise, sensitive data could be exposed to unauthorized users or the BlackBerry system could be compromised.
STIG Date
BlackBerry Enterprise Server (version 5.x), Part 2 Security Technical Implementation Guide 2013-03-14

Details

Check Text ( C-23140r2_chk )
Detailed Policy Requirements:

An Application Control Policy must be set up on the BES for each application listed in an Application White List software configuration on the BES. For mandatory applications, the Application Control Policy should have the “Disposition” rule set to “Required”.

Check Procedures:
Use the list of Application White List software configurations assigned to user accounts developed in Check WIR1310-01.

Step 1: Determine the list of assigned Application Control Policies.

For each Application White List software configuration assigned to a user, complete the following:
- In the BlackBerry Manager, click BlackBerry Domain in the left pane.
- Click Software Configurations tab.
- In the Configuration Name list, double-click on one of the software configurations that was assigned to a BES User Group.
- Expand the Application Software tree.
- Determine if an Application Control Policy has been assigned to each application listed in the tree under the Application Software group. If an Application Control Policy has been assigned, note the name of the Application Control Policy.

(Note: If an Application Control Policy has not been assigned to an application, this has the affect of denying the use of the application on site managed BlackBerry devices.)


Step 2: Verify each Application Control Policy is configured as required.

For each application listed under the Application Software group (for each software configuration), verify the Application Control Policy is compliant with the policy in Table C-4 of the BlackBerry STIG Overview. Use the following procedure to verify each Application Control Policy is configured correctly.

- In the BlackBerry Manager, in the left pane, click BlackBerry Domain.
- On the Software Configurations tab, click Manage Applications Policies.
- For each Application Control Policy identified in Step 1, double click the policy to open it and verify it has been configured as required in Table C-4 of the BlackBerry STIG Overview.

If any Application Control Policy is not configured as required, mark as a finding. Identify the Application White List software configuration, Application Control Policy, and application in the VMS remarks.

Remember to do the above steps for each Application White List software configuration. Findings comments in VMS should identify the Application White List software configuration and/or application not compliant.
Fix Text (F-19819r1_fix)
Set up the required Applications Control Policies.