CylancePROTECT Mobile malware detection must be configured with the following compliance actions for nonsystem apps (Android only): -Prompt for compliance: Immediate enforcement action. -Prevent the user from accessing work resources and apps on the device while it is out of compliance. -Prevent the user from accessing BlackBerry Dynamics apps while the device is out of compliance.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-257261 | BBCP-00-012700 | SV-257261r918367_rule | CCI-000366 | medium |
| Description | ||||
| When a compliance failure is detected, compliance actions must be implemented immediately to limit exposure of sensitive data and unauthorized access to the mobile device. | ||||
| STIG | Date | |||
| BlackBerry CylancePROTECT Mobile for UEM Security Technical Implementation Guide | 2023-11-21 | |||
Details
Check Text (C-257261r918367_chk)
Verify the following compliance actions are enabled when malware is detected for nonsystem apps (Android only):
-Prompt for compliance: Immediate enforcement action.
-Prevent the user from accessing work resources and apps on the device while it is out of compliance.
-Prevent the user from accessing BlackBerry Dynamics apps while the device is out of compliance.
1. Log on to the BlackBerry UEM console.
2. Select Policies and profiles >> Compliance >> Compliance.
3. Select a compliance profile to review.
4. On the Android tab in the BlackBerry Protect section, verify:
a. The "Malicious app package detected" box is selected.
b. In the Prompt for compliance box, verify "Immediate enforcement action" is selected.
c. In the "Enforcement action for device" drop-down list, verify "Untrust" is selected.
d. In the "Enforcement action for BlackBerry Dynamics apps" drop-down list, verify "Do not allow BlackBerry Dynamics apps to run" is selected.
If required compliance actions when malware is detected for nonsystem apps are not configured, this is a finding.
Fix Text (F-60887r918366_fix)
Configure the following compliance actions when malware is detected for nonsystem apps (Android only):
-Prompt for compliance: Immediate enforcement action.
-Prevent the user from accessing work resources and apps on the device while it is out of compliance.
-Prevent the user from accessing BlackBerry Dynamics apps while the device is out of compliance.
1. Log on to the BlackBerry UEM console.
2. Select Policies and profiles >> Compliance >> Compliance.
3. Create a new compliance profile or select and edit an existing compliance profile.
4. On the Android tab in the BlackBerry Protect section, do the following:
a. Select the "Malicious app package detected" check box.
b. Configure the behavior prompt settings: Prompt for compliance: "Immediate enforcement action".
c. In the "Enforcement action for device" drop-down list, select "Untrust" (work resources and apps cannot be accessed).
d. In the "Enforcement action for BlackBerry Dynamics apps" drop-down list, select "Do not allow BlackBerry Dynamics apps to run".
5. Click "Save".
6. Assign the profile to users and groups.