Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-47229 | BB10-2X-000430 | SV-60101r1_rule | Low |
Description |
---|
The contact database often contains a significant amount of information beyond each person's name and phone number. The records may contain addresses and other identifying or sensitive information that should not be revealed. There may be cases in which an organization has determined it is an acceptable risk to distribute parts of a person's contact record but not others. Enabling the system administrator to select which fields are available outside the contact database application (or to applications outside the work persona in the case of a dual persona device) assists with management of the risk. |
STIG | Date |
---|---|
BlackBerry 10.2.x OS Security Technical Implementation Guide | 2014-06-13 |
Check Text ( C-50055r1_chk ) |
---|
On BlackBerry Device Service: Ensure "Personal Apps Access to Work Contacts" IT Policy rule is set to "Only BlackBerry Apps". Otherwise, this is a finding. |
Fix Text (F-50933r1_fix) |
---|
On BlackBerry Device Service, set "Personal Apps Access to Work Contacts" IT Policy rule to "Only BlackBerry Apps". NOTE: This fix procedure affects both Personal and Work Spaces. |