Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-68689 | BS12-3X-003900 | SV-83179r1_rule | Medium |
Description |
---|
Failure to generate these audit records makes it more difficult to identify or investigate attempted or successful compromises, potentially causing incidents to last longer than necessary. SFR ID: FAU_GEN.1.1(2) Refinement |
STIG | Date |
---|---|
BlackBerry BES 12.5.x MDM Security Technical Implementation Guide | 2016-04-25 |
Check Text ( C-69193r1_chk ) |
---|
Review the BES12 server configuration settings to determine if the BES12 server is configured to enable all required audit events: a. Failure to push a new application on a managed mobile device; b. Failure to update an existing application on a managed mobile device. Note: If an organization has multiple configuration profiles, the check procedure must be performed on the relevant configuration profiles applicable to the scope of the review. On the BES12, do the following: 1. Log on to the BES12 console and select the "Policies and Profiles" tab at the top of the screen. 2. Expand the "IT policies" tab on the left pane. 3. Select and open each IT policy assigned to users in turn. 4. After opening the policy, select the "Settings" and "BlackBerry" tabs. 5. Scroll down to the "Security and Privacy" group of IT policy rules. 6. Verify "Event logging" is selected. 7. Verify "Error event logging" is selected. If the BES IT policy rules "Event logging" and "Error event logging" are not selected, this is a finding. |
Fix Text (F-74811r1_fix) |
---|
On the BES12, do the following: 1. Log on to the BES12 console and select the "Policies and Profiles" tab at the top of the screen. 2. Expand the "IT policies" tab on the left pane. 3. Select and open each IT policy assigned to users in turn. 4. After opening the policy, select the "Settings" and "BlackBerry" tabs. 5. Scroll down to the "Security and Privacy" group of IT policy rules. 6. Select the checkbox next to the IT Policy "Event logging". 7. Select the checkbox next to the IT Policy "Error event logging". 8. Click "Save". |