Free DISA STIG and SRG Library | Vaulted

V-16341

An Application White List software configuration must be assigned to all BES user accounts.

Finding ID
WIR1310-01
Rule ID
SV-17334r3_rule
Severity
Cat I
CCE
(None)
Group Title
Assign Application White List to all users
CCI
(None)
Target Key
(None)
Documentable
No
Discussion

The primary BlackBerry malware control is to set up one or more Application White List software configurations on the BES. Every user and group account must be assigned at least one Application White List software configuration. In an Application White List, the use of all non-core applications is denied unless an application is expressly allowed.

Fix Text

An application White List software configuration must be assigned to all BES user accounts.

Check Content

Check the BES to see if an Application White List software configuration has been assigned to each BES user account. Note: Section 3.2.5.2 of the BlackBerry STIG Overview has instructions for setting up an Application White List software configuration and assigning it to a user or a group account. For BES 5.0: -BAS >> BlackBerry solution management >> User >> Manage users -Select at least 20 user accounts from different offices or sites on the BES at random and complete the following: **Click on the user account name. **Click on the "Software configuration" tab. **Note the name of the software configuration assigned to the user (this will be the assigned "Application White List"). The name should be in a similar format to the following: "DISA Application White List 1". If any user account has not been assigned an Application White List software configuration, this is a finding. Note: The required configuration of the Application White List will be verified in checks WIR1310-02 and WIR1310-03.

Responsibility

System Administrator