UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The results and mitigation actions from Autoberry and Fixmo Sentinel tool scans must be maintained by the site for at least 6 months (1 year recommended).


Overview

Finding ID Version Rule ID IA Controls Severity
V-19217 WIR1015-03 SV-21106r4_rule ECWN-1 Low
Description
Scan results must be maintained so that auditors can verify mitigation actions have been completed, so that a scan can be compared to a previous scan, and to determine if there are any security vulnerability trends for site managed Blackberry devices.
STIG Date
BlackBerry Handheld Device Security Technical Implementation Guide 2011-09-30

Details

Check Text ( C-23155r3_chk )
Detailed Policy Requirements:

Each site must maintain the results of Autoberry scans on site managed BlackBerrys as follows:

- The results of all Autoberry and Fixmo Sentinel tool scans will be maintained by either the site BlackBerry Administrator or IAO.
- Autoberry scans can be conducted by either the site BlackBerry Administrator or by each BlackBerry user. If conducted by the BlackBerry user, the results and mitigation actions reported by the tool will be provided to the site IAO or BlackBerry Administrator for storage.
- The site IAM should designate the length of time that a site maintain the results of individual BlackBerry scans (6 months required, at least 1 year is recommended). Control or Baseline scans should be maintained until a BlackBerry device is decommissioned.

Check Procedures

Interview the IAO and BlackBerry Administrator. Verify the IAO or BlackBerry Administrator is saving records of scan results and mitigation actions for the length of time designated by the site IAM.
Fix Text (F-23340r1_fix)
The results and mitigation actions from Autoberry scans must be maintained by the site for at least 6 months (1 year recommended).