STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to BlackBerry CylancePROTECT Mobile for UEM Security Technical Implementation Guide

V-257268

CAT II (Medium)

CylancePROTECT Mobile must be configured with the following compliance actions when an Android device fails security patch compliance and attestation: -Prompt behavior: Immediate enforcement action. -Enforcement action for device: Select either "Untrust", "Delete only work data" or "Delete all data". -Enforcement action for BlackBerry Dynamics apps: Select either "Do not allow BlackBerry Dynamics apps to run" or "Delete BlackBerry Dynamics apps data".

Rule ID

SV-257268r918388_rule

STIG

BlackBerry CylancePROTECT Mobile for UEM Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-000366

Discussion

When a compliance failure is detected, compliance actions must be implemented immediately to limit exposure of sensitive data and unauthorized access to the mobile device.

Check Content

Verify the following compliance actions when an Android device fails security patch compliance and attestation have been configured:
-Prompt behavior: Immediate enforcement action.
-Enforcement action for device: Select either "Untrust", "Delete only work data", or "Delete all data".
-Enforcement action for BlackBerry Dynamics apps: Select either "Do not allow BlackBerry Dynamics apps to run" or "Delete BlackBerry Dynamics apps data".

1. Log on to the BlackBerry UEM console.
2. In the management console on the menu bar, click Policies and profiles >> Compliance >> Compliance.
3. Select the appropriate compliance profile (have the site system administrator identify the profile).
4. On the Android tab, verify "Required security patch level is not installed" check box has been selected.
5. Verify for "Prompt behavior" "Immediate enforcement action" has been selected.
6. Verify for "Enforcement action for device" either "Untrust", "Delete work data only", or "Delete all data" has been selected.
7. Verify for "Enforcement action for BlackBerry Dynamics apps" either "Do not allow BlackBerry Dynamics apps to run" or "Delete BlackBerry Dynamics apps data" has been selected.

If required compliance actions when an Android device fails security patch compliance and attestation have not been configured, this is a finding.

Fix Text

Configure the following compliance actions when an Android device fails security patch compliance and attestation:
-Prompt behavior: Immediate enforcement action.
-Enforcement action for device: Select either "Untrust", "Delete only work data", or "Delete all data".
-Enforcement action for BlackBerry Dynamics apps: Select either "Do not allow BlackBerry Dynamics apps to run" or "Delete BlackBerry Dynamics apps data".

1. Log on to the BlackBerry UEM console.
2. In the management console on the menu bar, click Policies and profiles >> Compliance >> Compliance.
3. Create a new compliance profile or select and edit an existing compliance profile.
4. On the Android tab, select the "Required security patch level is not installed" check box. Add the required device models and corresponding security patches.
5. For "Prompt behavior", select "Immediate enforcement action".
6. For "Enforcement action for device" select either "Untrust", "Delete work data only", or "Delete all data".
7. For "Enforcement action for BlackBerry Dynamics apps", select either "Do not allow BlackBerry Dynamics apps to run" or "Delete BlackBerry Dynamics apps data".
8. Click "Add" or "Save".
9. Assign the profile to users and groups.