| Finding ID |
Severity |
Title |
Description |
|
V-257273
|
Medium |
CylancePROTECT Mobile must be configured to enable SMS text message scanning (iOS only). |
The required application configurations will ensure that the minimum security baseline of the system is maintained to limit exposure of sensitive data and unauthorized access to the mobile device. |
|
V-257272
|
Medium |
CylancePROTECT Mobile must be configured to disable anonymous data collection by BlackBerry for both iOS and Android devices. |
The required application configurations will ensure that the minimum security baseline of the system is maintained to limit exposure of sensitive data and unauthorized access to the mobile device. |
|
V-257271
|
Medium |
CylancePROTECT Mobile must be configured with the following compliance actions when a hardware attestation boot state failure occurs (Android only):
-Prompt behavior: "Immediate enforcement action".
-Enforcement action for BlackBerry Dynamics apps: "Do not allow BlackBerry Dynamics apps to run". |
When a compliance failure is detected, compliance actions must be implemented immediately to limit exposure of sensitive data and unauthorized access to the mobile device. |
|
V-257270
|
Medium |
CylancePROTECT Mobile must be configured with the following compliance actions when a hardware attestation certificate failure occurs (Android only):
-Minimum security level required: "Trusted Environment" or "StrongBox"
-Prompt behavior: "Immediate enforcement action".
-Enforcement action for BlackBerry Dynamics apps: "Do not allow BlackBerry Dynamics apps to run". |
When a compliance failure is detected, compliance actions must be implemented immediately to limit exposure of sensitive data and unauthorized access to the mobile device. |
|
V-257269
|
Medium |
CylancePROTECT Mobile must be configured with the following compliance actions when a hardware attestation failure occurs (Android only):
-Prompt for compliance: Immediate enforcement action.
-Enforcement action for BlackBerry Dynamics apps: Do not allow BlackBerry Dynamics apps to run. |
When a compliance failure is detected, compliance actions must be implemented immediately to limit exposure of sensitive data and unauthorized access to the mobile device. |
|
V-257268
|
Medium |
CylancePROTECT Mobile must be configured with the following compliance actions when an Android device fails security patch compliance and attestation:
-Prompt behavior: Immediate enforcement action.
-Enforcement action for device: Select either "Untrust", "Delete only work data" or "Delete all data".
-Enforcement action for BlackBerry Dynamics apps: Select either "Do not allow BlackBerry Dynamics apps to run" or "Delete BlackBerry Dynamics apps data". |
When a compliance failure is detected, compliance actions must be implemented immediately to limit exposure of sensitive data and unauthorized access to the mobile device. |
|
V-257267
|
Medium |
CylancePROTECT Mobile must be configured with the following Android security patch compliance and hardware certificate attestation controls:
-"Android hardware attestation frequency" = 6 hours
-"Device grace period" = 0 hours
-"Challenge frequency for noncompliant devices" = 6 hours. |
The required application configurations will ensure that the minimum security baseline of the system is maintained to limit exposure of sensitive data and unauthorized access to the mobile device. |
|
V-257266
|
Medium |
CylancePROTECT Mobile must be configured with the following compliance actions for integrity violations with BlackBerry Dynamics apps on iOS devices:
-Prompt for compliance: Immediate enforcement action
-Prevent the user from accessing BlackBerry Dynamics apps while the device is out of compliance. |
When a compliance failure is detected, compliance actions must be implemented immediately to limit exposure of sensitive data and unauthorized access to the mobile device. |
|
V-257265
|
Medium |
CylancePROTECT Mobile must be configured with the following compliance actions when insecure networks are detected for mobile devices:
-Block device from network connection and insecure Wi-Fi access points.
-Block access to BlackBerry Dynamics apps. |
When a compliance failure is detected, compliance actions must be implemented immediately to limit exposure of sensitive data and unauthorized access to the mobile device. |
|
V-257264
|
Medium |
CylancePROTECT Mobile must be configured with the following safe browsing controls for BlackBerry Dynamics apps:
-Block all unsafe URLs
-Select one of the following for "scanning option": "Cloud scanning" or "On device scanning".
-Disable "Allow users to override blocked resources and enable access to the requested domain". |
The required application configurations will ensure that the minimum security baseline of the system is maintained to limit exposure of sensitive data and unauthorized access to the mobile device. |
|
V-257263
|
Medium |
CylancePROTECT Mobile must be configured with the following compliance actions when sideloaded apps are detected:
-Prompt for compliance: Immediate enforcement action.
-Prevent the user from accessing work resources and apps on the device while it is out of compliance.
-Prevent the user from accessing BlackBerry Dynamics apps while the device is out of compliance. |
When a compliance failure is detected, compliance actions must be implemented immediately to limit exposure of sensitive data and unauthorized access to the mobile device. |
|
V-257262
|
Medium |
CylancePROTECT Mobile must be configured with the following compliance action when a compliance event occurs:
-Notify Administrator (send event notification). |
When a compliance failure is detected, compliance actions must be implemented immediately to limit exposure of sensitive data and unauthorized access to the mobile device. |
|
V-257261
|
Medium |
CylancePROTECT Mobile malware detection must be configured with the following compliance actions for nonsystem apps (Android only):
-Prompt for compliance: Immediate enforcement action.
-Prevent the user from accessing work resources and apps on the device while it is out of compliance.
-Prevent the user from accessing BlackBerry Dynamics apps while the device is out of compliance. |
When a compliance failure is detected, compliance actions must be implemented immediately to limit exposure of sensitive data and unauthorized access to the mobile device. |
|
V-257260
|
Medium |
CylancePROTECT Mobile malware detection must be configured with the following compliance actions for system apps (Android only):
-Prompt for compliance: Immediate enforcement action.
-Prevent the user from accessing work resources and apps on the device while it is out of compliance.
-Prevent the user from accessing BlackBerry Dynamics apps while the device is out of compliance. |
When a compliance failure is detected, compliance actions must be implemented immediately to limit exposure of sensitive data and unauthorized access to the mobile device. |
