UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

BlackBerry devices must be protected by authenticated login procedures to unlock the device. Either CAC or Password authentication is required. IT Policy rule “Password Required” (Device Only policy group) must be set to “Yes” or “True”.


Overview

Finding ID Version Rule ID IA Controls Severity
V-3545 WIR1400-01 SV-3545r4_rule ECSC-1 High
Description
Authenticated device unlock is a key security control for the BlackBerry system to restrict access to DoD data by unauthorized individuals.
STIG Date
BlackBerry Enterprise Server (version 5.x), Part 3 Security Technical Implementation Guide 2015-07-02

Details

Check Text ( C-11522r4_chk )
This is a BES IT Policy check. Recommend all checks related to BES IT policies be reviewed using the following procedure.

1. Make a list of all IT Policies that have been assigned to BlackBerry user accounts. The list of IT Policies set up on the BES can be viewed as follows (do not list the default IT Policy) (Use Method #1 or Method #2 below):

Method #1
BAS >> BlackBerry solution management box >> Policy >> Manage IT policies. Look at each IT policy listed under Manage IT policies to be checked.
-Click on the policy name.
-Click on "View users with IT policy."
-Click Search. A list of all users assigned to the policy will be shown. For each policy that has users assigned to it, complete steps.

Method #2
-Launch and log into the BlackBerry Monitoring Service.
-On the monitoring menu, expand Reporting.
-Click "Create custom report".
-Select the following fields for the report:
**Select report type: User.
**Report title: IT Policies on BES.
**Select the following columns: "IT policy name" and "User name."
**Sort by "IT policy name".
**Report format: PDF recommended.
**Generate report.

2. Check each "Required" IT Policy rule listed in Table 1, BlackBerry STIG Configuration Tables. (There are approximately 125 rules with required configuration settings.)

Note: All IT policy rules that have not been set correctly and the name of the IT policy currently being reviewed. The name of each IT policy that has an IT policy rule not set correctly should be noted in VMS.

Note: Table 1 shows which Check STIG ID # should be marked as a finding for each IT policy rule not set correctly.

3. Repeat step 2 for each IT Policy that has users assigned to it.

4. In VMS, for each check with a finding, list the IT Policies that were found to be noncompliant.

***** For this check, verify IT Policy rule “Password Required” (Device Only policy group) is set as required.

If not set as required, this is a finding.
Fix Text (F-23386r4_fix)
Configure the IT Policy rule as specified in the "Checks" block.