BlackBerry Web Desktop Manager must be configured to disable a users capability to perform a backup or restore of the Work Space.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-39027	BBDS-00-000286	SV-50832r2_rule		Low

Description
The overall security posture of the BlackBerry system is dependent on strict configuration management controls, including ensuring only authorized BlackBerry devices are being used and authorized devices are provisioned as required. When these configurations are not set as required, users may have the capability to activate unauthorized BlackBerry devices.

STIG	Date
BlackBerry Enterprise Service v10.1.x BlackBerry Device Service STIG	2014-10-06

Details

Check Text ( C-46473r2_chk )
Review the BlackBerry Device Service server policy configuration to determine whether a user-initiated backup or restore of the Work Space of a managed mobile device has been disabled. If there are multiple policies, they must all be reviewed. For EMM-Corporate (BlackBerry Balance) devices, log into BlackBerry Administration Service, and under "BlackBerry solution management" on the left side of the screen, navigate to "Policy > Manage IT policies > > View complete IT Policy > Security" and verify "Backup and Restore Work Space" is set to "Disallow". Otherwise, this is a finding. For EMM-Regulated (Work Space only) devices, log into BlackBerry Administration Service, and under "BlackBerry solution management" on the left side of the screen, navigate to "Policy > Manage IT policies > > View complete IT Policy > Security" and verify "Backup and Restore Device" is set to "Disallow". Otherwise, this is a finding.

Check Text ( C-46473r2_chk )

Review the BlackBerry Device Service server policy configuration to determine whether a user-initiated backup or restore of the Work Space of a managed mobile device has been disabled. If there are multiple policies, they must all be reviewed.

For EMM-Corporate (BlackBerry Balance) devices, log into BlackBerry Administration Service, and under "BlackBerry solution management" on the left side of the screen, navigate to "Policy > Manage IT policies > > View complete IT Policy > Security" and verify "Backup and Restore Work Space" is set to "Disallow". Otherwise, this is a finding.

For EMM-Regulated (Work Space only) devices, log into BlackBerry Administration Service, and under "BlackBerry solution management" on the left side of the screen, navigate to "Policy > Manage IT policies > > View complete IT Policy > Security" and verify "Backup and Restore Device" is set to "Disallow". Otherwise, this is a finding.

Fix Text (F-43983r2_fix)
Configure the centrally managed BlackBerry Device Service server policy rule to disallow a user initiated backup or restore of the Work Space of a managed mobile device.