V-257265

Discussion

When a compliance failure is detected, compliance actions must be implemented immediately to limit exposure of sensitive data and unauthorized access to the mobile device.

Check Content

Verify the following compliance actions are enabled when insecure networks are detected:
-Block device from network connection and insecure Wi-Fi access points.
-Block access to BlackBerry Dynamics apps.

1. Log on to the BlackBerry UEM console.
2. In the management console on the menu bar, click Policies and profiles >> Compliance >> Compliance.
3. Open the appropriate compliance profile (have the site system administrator identify the profile).
4. Verify required compliance actions for insecure network detection are enabled.
a. On both the iOS and Android tabs, in the BlackBerry Protect section, verify "Insecure network detected" is selected.
b. In the "Prompt for compliance" drop-down list, verify "Immediate enforcement action" is selected.
c. In the "Enforcement action for device" drop-down list, verify "Untrust" is selected (Android only).
d. In the "Enforcement action for BlackBerry Dynamics apps" drop-down list, verify "Do not allow BlackBerry Dynamics apps to run" is selected.
5. Verify compliance actions for insecure Wi-Fi access point detection are enabled (Android only).
a. On the Android tab in the BlackBerry Protect section, verify "Insecure Wi-Fi network detected" is selected.
b. In the "Prompt for compliance" drop-down list, verify "Immediate enforcement action" is selected.
c. In the "Enforcement action for device" drop-down list, verify "Untrust" is selected. 
d. In the "Enforcement action for BlackBerry Dynamics apps" drop-down list, verify "Do not allow BlackBerry Dynamics apps to run" is selected.

If any required compliance actions for insecure network detection for mobile devices has not been implemented, this is a finding.