STIGQter: STIG Summary: BlackBerry UEM Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:

The BlackBerry UEM server must be configured to display the required DoD warning banner upon administrator logon. Note: This requirement is not applicable if the TOE platform is selected in FTA_TAB.1.1 in the Security Target (ST).

DISA Rule

SV-224376r604136_rule

Vulnerability Number

V-224376

Group Title

PP-MDM-411056

Rule Version

BUEM-00-000520

Severity

CAT II

CCI(s)

• CCI-000048 - The information system displays an organization-defined system use notification message or banner before granting access to the system that provides privacy and security notices consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.

Weight

10

Fix Recommendation

On the BlackBerry UEM, do the following:
1. Log in to the BlackBerry UEM console.
2. Select the "Settings" tab on the left pane.
3. Expand the "General" settings tab on the left pane.
4. Select "Login notices" from the menu in the left pane.
5. Click the "pencil" icon (upper right corner) to edit the "Login notice".
6. Select the checkbox next to "Enable a login notice for the management console".
7. In the "Enable a login notice for the management console" field, type the DoD banner found in the VulDiscussion.
8. Click "Save".

If the self-service portal is used in the organization select the checkbox next to "Enable a login notice for the self-service console" before selecting "Save in step 8.

Check Contents

Review the BlackBerry UEM server documentation and configuration settings to determine if the warning banner is using the appropriate designated wording.
On the BlackBerry UEM, do the following:
1. Log in to the BlackBerry UEM console.
2. Select the "Settings" tab on the left pane.
3. Expand the "General" settings tab on the left pane.
4. Select "Login notices" from the menu in the left pane.
5. Verify the checkbox next to "Enable a login notice for the management console" is checked.
6. Verify the console logon notice text exactly matches the VulDiscussion text.
7. Verify the checkbox next to "Enable a login notice for the self-service console" is checked if the self-service portal is used at the site.
8. Verify the self-service console logon notice text exactly matches the VulDiscussion text.

Alternately, have the administrator log in to the UEM console to view the warning banner.

If the console notice wording does not exactly match the VulDiscussion text, this is a finding.

Vulnerability Number

V-224376

Documentable

False

Rule Version

BUEM-00-000520

Severity Override Guidance

Review the BlackBerry UEM server documentation and configuration settings to determine if the warning banner is using the appropriate designated wording.
On the BlackBerry UEM, do the following:
1. Log in to the BlackBerry UEM console.
2. Select the "Settings" tab on the left pane.
3. Expand the "General" settings tab on the left pane.
4. Select "Login notices" from the menu in the left pane.
5. Verify the checkbox next to "Enable a login notice for the management console" is checked.
6. Verify the console logon notice text exactly matches the VulDiscussion text.
7. Verify the checkbox next to "Enable a login notice for the self-service console" is checked if the self-service portal is used at the site.
8. Verify the self-service console logon notice text exactly matches the VulDiscussion text.

Alternately, have the administrator log in to the UEM console to view the warning banner.

If the console notice wording does not exactly match the VulDiscussion text, this is a finding.

Check Content Reference

M

Target Key

4134

Comments