UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Data-at-Rest encryption (Content Protection) must be enabled on BlackBerry devices. IT Policy rule “Content Protection Strength” (Security policy group) must be set as required.


Overview

Finding ID Version Rule ID IA Controls Severity
V-12164 WIR1445-01 SV-12718r2_rule ECSC-1 Medium
Description
DoD 8500 policy requires data-at-rest protection be enabled on all IT devices containing sensitive data in case the device is lost or stolen. This protection normally involves password or pin protected access.
STIG Date
BlackBerry Enterprise Server (version 5.x), Part 3 Security Technical Implementation Guide 2013-06-21

Details

Check Text ( C-14991r2_chk )
*****For this check, set IT Policy rule “Content Protection Strength” (Security policy group) to “Stronger or Strongest”.

Data-at-Rest encryption (Content Protection) must be enabled on BlackBerry devices. Note: When Content Protection is enabled in BES 4.1.4 and earlier and BlackBerry handheld software version before 4.5, the BES system administrator cannot remotely unlock a BlackBerry device and remotely reset the device password.

Check Procedures:

This is a BES IT Policy check. Recommend all checks related to BES IT policies be reviewed using the procedure in Check WIR1400-01 (V0003545).

*****Verify IT Policy rule “Content Protection Strength” (Security policy group) is set as required.

This check can also be verified on a sample of site BlackBerrys (3-4 devices) but the preferred procedure is to verify on the BES. Use the following procedure on BlackBerry devices:

o Settings>Options>Security Options>General Settings>Content Protection.
o Verify Content Protection is set to Enabled.
o Verify the setting cannot be changed.
Fix Text (F-23386r2_fix)
Configure the IT Policy rule Require FIPS Ciphers as specified in the "Checks" block.