Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-16340 | WIR1015-01 | SV-17333r7_rule | ECSC-1 | Medium |
Description |
---|
The purpose of this scan is to determine if there has been an unexplained change in the BlackBerry file system that may indicate the device has been compromised. |
STIG | Date |
---|---|
BlackBerry Handheld Device Security Technical Implementation Guide | 2012-02-08 |
Check Text ( C-17399r6_chk ) |
---|
Detailed Policy Requirements: All site managed BlackBerry devices must be scanned with the DoD Autoberry tool or the commercially available Fixmo Sentinel tool (Desktop or Enterprise version) using the following schedule: - Scan immediately after BlackBerry is provisioned or reprovisioned (this is the “control” or “baseline” scan). - Scan before and after the BlackBerry user travels Outside the Continental United States (OCONUS), if BlackBerry user is based within Continental United States (CONUS) and perform a comparison of the two scans. - Scan at least every 90 days if BlackBerry user is based OCONUS and compare current scan results to the previous scan. - BlackBerry devices of executives, senior managers, and staff in sensitive positions should be scanned at least every 90 days, and results from the current scan compared to the previous scan. Commanders, DAAs, or IAOs will designate BlackBerry users who meet this criteria. - All other BlackBerry devices should be scanned at least once every 6 months and results from the current scan compared to the previous scan. Note: Autoberry and Sentinel Desktop scans can be conducted by either the site BlackBerry administrator or by each BlackBerry user. Sentinel Enterprise scans are automated and require no action by the user. Note: For DoD sites using an approved Bluetooth headset/hands free device, it is strongly recommended that the site deploy Sentinel Enterprise. Sentinel Enterprise has the ability to scan actively paired Bluetooth devices on site managed BlackBerrys and perform an audit to verify only approved devices are connected to the BlackBerry. Check Procedures: Interview the IAO and BlackBerry Administrator. - Determine if the site is conducting required control or baseline scans and is saving the results of the scans. - Determine if the site has any executives, senior managers, and staff in sensitive positions. If yes, determine if Autoberry or Fixmo Sentinel scans are conducted as required and the scan results are maintained by the site IAO or BlackBerry administrator. - If the site is located CONUS, determine if the site has BlackBerry users that travel OCONUS. If yes, determine if Autoberry scans are conducted as required on BlackBerry devices of these users and the scan results are maintained by the site IAO or BlackBerry administrator. - If the site is located CONUS, determine if Autoberry/Sentinel scans are conducted at least every 6 months on site BlackBerry devices and the scan results are maintained by the site IAO or BlackBerry administrator. - If the site is located OCONUS, determine if Autoberry/Sentinel scans are conducted at least every 90 days on site BlackBerry devices and the scan results are maintained by the site IAO or BlackBerry administrator. Mark as a finding if any requirements are not being met by the site. |
Fix Text (F-23339r1_fix) |
---|
BlackBerry devices managed by the site must be scanned with the DoD Autoberry tool as required. |