STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to BlackBerry CylancePROTECT Mobile for UEM Security Technical Implementation Guide

V-257260

CAT II (Medium)

CylancePROTECT Mobile malware detection must be configured with the following compliance actions for system apps (Android only): -Prompt for compliance: Immediate enforcement action. -Prevent the user from accessing work resources and apps on the device while it is out of compliance. -Prevent the user from accessing BlackBerry Dynamics apps while the device is out of compliance.

Rule ID

SV-257260r918364_rule

STIG

BlackBerry CylancePROTECT Mobile for UEM Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-000366

Discussion

When a compliance failure is detected, compliance actions must be implemented immediately to limit exposure of sensitive data and unauthorized access to the mobile device.

Check Content

Verify the following compliance actions are enabled when malware is detected for system apps (Android only):
-Prompt for compliance: Immediate enforcement action.
-Prevent the user from accessing work resources and apps on the device while it is out of compliance.
-Prevent the user from accessing BlackBerry Dynamics apps while the device is out of compliance.

1. Log on to the BlackBerry UEM console.
2. Select Policies and profiles >> Compliance >> Compliance.
3. Select a compliance profile to review.
4. On the Android tab in the BlackBerry Protect section, verify:
a. The "System app malware detected" box is selected.
b. In the Prompt for compliance box, verify "Immediate enforcement action" is selected.
c. In the "Enforcement action for device" drop-down list, verify "Untrust" is selected.
d. In the "Enforcement action for BlackBerry Dynamics apps" drop-down list, verify "Do not allow BlackBerry Dynamics apps to run" is selected.

If required compliance actions when malware is detected for system apps are not configured, this is a finding.

Fix Text

Enable the following compliance actions when malware is detected for system apps (Android only):
-Prompt for compliance: Immediate enforcement action.
-Prevent the user from accessing work resources and apps on the device while it is out of compliance.
-Prevent the user from accessing BlackBerry Dynamics apps while the device is out of compliance.

1. Log on to the BlackBerry UEM console.
2. Select Policies and profiles >> Compliance >> Compliance.
3. Create a new compliance profile or select and edit an existing compliance profile.
4. On the Android tab in the BlackBerry Protect section, do the following:
a. Select the "System app malware detected" check box.
b. Configure the behavior prompt settings: Prompt for compliance: "Immediate enforcement action".
c. In the "Enforcement action for device" drop-down list, select "Untrust" (work resources and apps cannot be accessed).
d. In the "Enforcement action for BlackBerry Dynamics apps" drop-down list, select "Do not allow BlackBerry Dynamics apps to run".
5. Click "Save".
6. Assign the profile to users and groups.