UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The BlackBerry MDM Agent must be configured to generate an audit record of successful required events, including: (See Vulnerability Discussion for list). This requirement only applies to Work space only and Work and personal - Regulated activation types and to version 10.3.3 and later of the BlackBerry OS.


Overview

Finding ID Version Rule ID IA Controls Severity
V-65733 BB10-3X-020220 SV-80223r2_rule Low
Description
Audit logs enable monitoring of security-relevant events and subsequent forensics when breaches occur. They help identify attacks, so that breaches can either be prevented or limited in their scope. They facilitate analysis to improve performance and security. Required events: a. Start-up and shutdown of the audit functions; b. Change in MDM policy; c. Device modification commanded by the MDM server; d. Specifically defined auditable events in Table 7 of MDM Agent EP v.2.0. SFR ID: FAU_GEN.1.1(2) Refinement, MDM Agent EP
STIG Date
BlackBerry OS 10.3.x Security Technical Implementation Guide 2016-05-18

Details

Check Text ( C-66389r2_chk )
Review BlackBerry OS 10.3 configuration settings to determine if the BlackBerry is configured to generate an audit record of successful required events, including Start-up and shutdown of the audit functions, Change in MDM policy, Device modification commanded by the MDM server, and Specifically defined auditable events in Table 7 of MDM Agent EP v.2.0. This procedure is performed on only on the BES console.

Note: If an organization has multiple configuration profiles, then the check procedure must be performed on the relevant configuration profiles applicable to the scope of the review.

On the BES 12, do the following:
1. Log into the BES 12 console and select the "POLICIES AND PROFILES” tab at the top of the screen.
2. Expand the “IT policies” tab on the left pane.
3. Select and open each IT policy assigned to users in turn.
4. After opening the policy, select the “Settings” and “BlackBerry” tabs.
5. Scroll down to the “Security and Privacy” group of IT policy rules.
6. Verify "Successful event logging" is selected.

If the BES IT policy rule "Successful event logging" is not selected, this is a finding.

Note: Procedures above are for BES 12 only, and is not available on BES 10.
Fix Text (F-71777r1_fix)
On the BES 12, do the following:
1. Log into the BES 12 console and select the "POLICIES AND PROFILES” tab at the top of the screen.
2. Expand the “IT policies” tab on the left pane.
3. Select and open each IT policy assigned to users in turn.
4. After opening the policy, select the “Settings” and “BlackBerry” tabs.
5. Click the pencil icon (upper right corner) to edit the IT Policy.
6. Scroll down to the “Security and Privacy” group of IT policy rules.
7. Select the check box next to the IT Policy "Event logging".
8. Select the check box next to the IT Policy "Successful event logging".
9. Click "Save".

Note: Procedures above are for BES 12 only, and is not available on BES 10.