U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Checklist Program

National Checklist Program

NCP

  1. Checklist Repository

BlackBerry CylancePROTECT Mobile for UEM STIG Ver 1, Rel 2 Checklist Details (Checklist Revisions)

Supporting Resources:

Target:

Target CPE Name
Blackberry CylancePROTECT Mobile for UEM cpe:/a:blackberry:cylanceprotect_mobile_for_uem:- (View CVEs)

Checklist Highlights

Checklist Name:
BlackBerry CylancePROTECT Mobile for UEM STIG
Checklist ID:
1060
Version:
Ver 1, Rel 2
Type:
Compliance
Review Status:
Final
Authority:
Governmental Authority: Defense Information Systems Agency
Original Publication Date:
07/04/2023

Checklist Summary:

The BlackBerry CylancePROTECT Mobile for UEM Security Technical Implementation Guide (STIG) is published as a tool to improve the security of Department of Defense (DOD) information systems. This document is meant for use in conjunction with other STIGs, such as the BlackBerry UEM STIG. CylancePROTECT Mobile is a suite of features that enhances BlackBerry UEM’s ability to detect, prevent, and resolve security threats. CylancePROTECT Mobile uses a combination of technologies, including: • A cloud-based connected service called Cylance INFINITY that uses AI and machine learning to identify malware and unsafe URLs. • UEM server providing device management and control of the PROTECT Mobile features. • UEM Client and BlackBerry Dynamics applications (if used) that CylancePROTECT integrates with to monitor and enforce security standards at both the device and user levels. CylancePROTECT Mobile for UEM includes the following features: • Malware detection, both internally deployed apps and apps installed on device (Android only). • Detection of sideloaded apps (iOS and Android). • Safe browsing with BlackBerry Dynamics apps (iOS and Android). • Scanning URLs in text messages (iOS only). • Protect devices from network threats, Wi-Fi, and wired networks (iOS and Android). • BlackBerry Dynamics app integrity checking (iOS only). • Security patch compliance for BlackBerry Dynamics apps (Android only). • Hardware certificate attestation for BlackBerry Dynamics apps (Android only). Note: CylancePROTECT Mobile for UEM features are fully integrated into the existing components of the overall UEM server and device architecture; therefore, no additional software footprint or user actions except for an appropriate

Checklist Role:

  • Server

Known Issues:

Not provided.

Target Audience:

Parties within the DOD and federal government’s computing environments can obtain the applicable STIG from the DOD Cyber Exchange website at https://cyber.mil/. This site contains the latest copies of STIGs, SRGs, and other related security information. Those without a Common Access Card (CAC) that has DOD Certificates can obtain the STIG from https://public.cyber.mil/.

Target Operational Environment:

  • Managed
  • Specialized Security-Limited Functionality (SSLF)

Testing Information:

Not provided.

Regulatory Compliance:

This document is provided under the authority of DODI 8500.01.

Comments/Warnings/Miscellaneous:

Not provided.

Disclaimer:

DISA accepts no liability for the consequences of applying specific configuration settings made on the basis of the SRGs/STIGs. It must be noted that the configuration settings specified should be evaluated in a local, representative test environment before implementation in a production environment, especially within large user populations. The extensive variety of environments makes it impossible to test these configuration settings for all potential software configurations. For some production environments, failure to test before implementation may lead to a loss of required functionality. Evaluating the risks and benefits to a system’s particular circumstances and requirements is the system owner’s responsibility. The evaluated risks resulting from not applying specified configuration settings must be approved by the responsible AO. Furthermore, DISA implies no warranty that the application of all specified configurations will make a system 100 percent secure. Security guidance is provided for the DOD. While other agencies and organizations are free to use it, care must be given to ensure that all applicable security guidance is applied at both the device hardening level and the architectural level due to the fact that some settings may not be configurable in environments outside the DOD architecture.

Product Support:

Not provided.

Point of Contact:

Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Sponsor:

Not provided.

Licensing:

Not provided.

Change History: 

NEW checklist - 6/30/23
Update to FINAL - 7/31/23
updated URLs - 1/29/24

Dependency/Requirements:

URL Description

References:

Reference URL Description

NIST checklist record last modified on 01/29/2024