Select any two versions of this STIG to compare the individual requirements
Select any old version/release of this STIG to view the previous requirements
Verify the following compliance actions are enabled when malware is detected for system apps (Android only): -Prompt for compliance: Immediate enforcement action. -Prevent the user from accessing work resources and apps on the device while it is out of compliance. -Prevent the user from accessing BlackBerry Dynamics apps while the device is out of compliance. 1. Log on to the BlackBerry UEM console. 2. Select Policies and profiles >> Compliance >> Compliance. 3. Select a compliance profile to review. 4. On the Android tab in the BlackBerry Protect section, verify: a. The "System app malware detected" box is selected. b. In the Prompt for compliance box, verify "Immediate enforcement action" is selected. c. In the "Enforcement action for device" drop-down list, verify "Untrust" is selected. d. In the "Enforcement action for BlackBerry Dynamics apps" drop-down list, verify "Do not allow BlackBerry Dynamics apps to run" is selected. If required compliance actions when malware is detected for system apps are not configured, this is a finding.
Enable the following compliance actions when malware is detected for system apps (Android only): -Prompt for compliance: Immediate enforcement action. -Prevent the user from accessing work resources and apps on the device while it is out of compliance. -Prevent the user from accessing BlackBerry Dynamics apps while the device is out of compliance. 1. Log on to the BlackBerry UEM console. 2. Select Policies and profiles >> Compliance >> Compliance. 3. Create a new compliance profile or select and edit an existing compliance profile. 4. On the Android tab in the BlackBerry Protect section, do the following: a. Select the "System app malware detected" check box. b. Configure the behavior prompt settings: Prompt for compliance: "Immediate enforcement action". c. In the "Enforcement action for device" drop-down list, select "Untrust" (work resources and apps cannot be accessed). d. In the "Enforcement action for BlackBerry Dynamics apps" drop-down list, select "Do not allow BlackBerry Dynamics apps to run". 5. Click "Save". 6. Assign the profile to users and groups.
Verify the following compliance actions are enabled when malware is detected for nonsystem apps (Android only): -Prompt for compliance: Immediate enforcement action. -Prevent the user from accessing work resources and apps on the device while it is out of compliance. -Prevent the user from accessing BlackBerry Dynamics apps while the device is out of compliance. 1. Log on to the BlackBerry UEM console. 2. Select Policies and profiles >> Compliance >> Compliance. 3. Select a compliance profile to review. 4. On the Android tab in the BlackBerry Protect section, verify: a. The "Malicious app package detected" box is selected. b. In the Prompt for compliance box, verify "Immediate enforcement action" is selected. c. In the "Enforcement action for device" drop-down list, verify "Untrust" is selected. d. In the "Enforcement action for BlackBerry Dynamics apps" drop-down list, verify "Do not allow BlackBerry Dynamics apps to run" is selected. If required compliance actions when malware is detected for nonsystem apps are not configured, this is a finding.
Configure the following compliance actions when malware is detected for nonsystem apps (Android only): -Prompt for compliance: Immediate enforcement action. -Prevent the user from accessing work resources and apps on the device while it is out of compliance. -Prevent the user from accessing BlackBerry Dynamics apps while the device is out of compliance. 1. Log on to the BlackBerry UEM console. 2. Select Policies and profiles >> Compliance >> Compliance. 3. Create a new compliance profile or select and edit an existing compliance profile. 4. On the Android tab in the BlackBerry Protect section, do the following: a. Select the "Malicious app package detected" check box. b. Configure the behavior prompt settings: Prompt for compliance: "Immediate enforcement action". c. In the "Enforcement action for device" drop-down list, select "Untrust" (work resources and apps cannot be accessed). d. In the "Enforcement action for BlackBerry Dynamics apps" drop-down list, select "Do not allow BlackBerry Dynamics apps to run". 5. Click "Save". 6. Assign the profile to users and groups.
Verify the following compliance action for CylancePROTECT Mobile has been enabled: -Notify Administrator (send event notification). 1. Log on to the BlackBerry UEM console. 2. On the menu bar, click Settings >> General settings. 3. Click "Event notifications". 4. Verify each of the following BlackBerry Protect notifications are listed: "Safe Browsing", "Malicious app removed from UEM", "Malicious app detected on device", and "Sideloaded app detected on app". If all four of the BlackBerry Protect notifications listed above are not enabled, this is a finding.
Enable the following compliance action for CylancePROTECT Mobile: -Notify Administrator (send event notification). 1. Log on to the BlackBerry UEM console. 2. On the menu bar, click Settings >> General settings. 3. Click "Event notifications". a. On the "Event notifications" tab, click "Add". b. Select event type "BlackBerry Protect". c. Click one of the following selections: "Safe Browsing", "Malicious app removed from UEM", "Malicious app detected on device", or "Sideloaded app detected on app". d. Click "Next". 4. In the Date/time to send email notification drop-down list, select one of the following options: a. Always after an event: Email notifications are sent whenever the event occurs. b. Any preconfigured schedule in the list. c. Add new scheduler: Create a schedule and click "Save". 5. In the Recipients field, select one of the following options: a. Add new distribution list: Create a distribution list and click "Save". b. Any preconfigured distribution list. 6. In the email template drop-down list, select the email template to use for the event notification. 7. In the Status drop-down list, select "On" to enable the event notification. 8. Click "Preview email" to see the event notification email and the list of email addresses for the recipients. 9. Click "Save". 10. Repeat steps 3–9 for each of the possible BlackBerry Protect event notifications ("Safe Browsing", "Malicious app removed from UEM", "Malicious app detected on device", "Sideloaded app detected on app").
Verify the following compliance actions have been enabled when sideloaded apps are detected: -Prompt for compliance: Immediate enforcement action. -Prevent the user from accessing work resources and apps on the device while it is out of compliance. -Prevent the user from accessing BlackBerry Dynamics apps while the device is out of compliance. 1. Log on to the BlackBerry UEM console. 2. In the management console on the menu bar, click Policies and profiles >> Compliance >> Compliance. 3. Find the CylancePROTECT Mobile sideloaded app compliance profile (have the site system administrator identify the correct profile). 4. Select the iOS tab and verify the following selections: 5. In the "Prompt for compliance" drop-down list verify "Immediate enforcement action" is selected. 6. In the "Enforcement action for device" drop-down list, verify "Untrust" is selected. 7. In the "Enforcement action for BlackBerry Dynamics apps" drop-down list, verify "Do not allow BlackBerry Dynamics apps to run" is selected. 8. Repeat steps 4–6 for Android. If required compliance actions for when sideloaded apps are detected for iOS and Android are not configured, this is a finding.
Configure the following compliance actions when sideloaded apps are detected: -Prompt for compliance: Immediate enforcement action. -Prevent the user from accessing work resources and apps on the device while it is out of compliance. -Prevent the user from accessing BlackBerry Dynamics apps while the device is out of compliance. 1. Log on to the BlackBerry UEM console. 2. In the management console on the menu bar, click Policies and profiles >> Compliance >> Compliance. 3. Create a new compliance profile or select and edit an existing compliance profile. 4. Select the iOS tab to configure sideload detection for that platform. 5. In the BlackBerry Protect section, select the "Sideloaded app is installed" check box. 6. Configure the behavior prompt settings: Prompt for compliance: "Immediate enforcement action". 7. In the "Enforcement action for device" drop-down list, select "Untrust". 8. In the "Enforcement action for BlackBerry Dynamics apps" drop-down list, select "Do not allow BlackBerry Dynamics apps to run". 9. Repeat steps 3–7 for configure compliance actions for Android. 10. Click "Save". 11. Assign the profile to users and groups.
Verify safe browsing with BlackBerry Dynamics apps has been configured as required: 1. Log on to the BlackBerry UEM console. 2. In the management console on the menu bar, click Policies and profiles >> Protection >> BlackBerry Protect. 3. Open the BlackBerry Protect profile (have the site system administrator identify the profile from the list). 4. Select the platform (iOS or Android) to review. 5. Verify that the "Check for unsafe web resources within the BlackBerry Dynamics apps" check box is selected. 6. Verify "Block" is selected in the Action for unsafe web resources drop-down list. 7. Verify in the Scanning option drop-down list, one of the following has been selected AND "No scanning" is not selected: -"Cloud scanning". -"On device scanning". 8. Verify "Allow users to override blocked resources and enable access to the requested domain" is not selected. 9. Repeat steps 4–8 for the other platform (iOS or Android). If safe browsing for BlackBerry Dynamics apps on iOS and Android devices is not configured as required, this is a finding.
Configure the following safe browsing controls for BlackBerry Dynamics apps: -Block all unsafe URLs. -Select one of the following for "scanning option": Cloud scanning, on device scanning. -Disable "Allow users to override blocked resources and enable access to the requested domain". 1. Log on to the BlackBerry UEM console. 2. In the management console on the menu bar, click Policies and profiles >> Protection >> BlackBerry Protect. 3. Open the BlackBerry Protect profile or create a new profile. 4. Select the platform (iOS or Android) to configure safe browsing. 5. Verify that the "Check for unsafe web resources within the BlackBerry Dynamics apps" check box is selected. 6. In the Action for unsafe web resources drop-down list, select "Block". 7. In the Scanning option drop-down list, choose one of the following only (do not choose "No scanning"): "Cloud scanning" or "On device scanning". 8. Do not select the "Allow users to override blocked resources and enable access to the requested domain" check box. 9. Repeat steps 4–8 for the other platform (iOS or Android). 10. Click "Save". 11. Assign the profile to users and groups.
Verify the following compliance actions are enabled when insecure networks are detected: -Block device from network connection and insecure Wi-Fi access points. -Block access to BlackBerry Dynamics apps. 1. Log on to the BlackBerry UEM console. 2. In the management console on the menu bar, click Policies and profiles >> Compliance >> Compliance. 3. Open the appropriate compliance profile (have the site system administrator identify the profile). 4. Verify required compliance actions for insecure network detection are enabled. a. On both the iOS and Android tabs, in the BlackBerry Protect section, verify "Insecure network detected" is selected. b. In the "Prompt for compliance" drop-down list, verify "Immediate enforcement action" is selected. c. In the "Enforcement action for device" drop-down list, verify "Untrust" is selected (Android only). d. In the "Enforcement action for BlackBerry Dynamics apps" drop-down list, verify "Do not allow BlackBerry Dynamics apps to run" is selected. 5. Verify compliance actions for insecure Wi-Fi access point detection are enabled (Android only). a. On the Android tab in the BlackBerry Protect section, verify "Insecure Wi-Fi network detected" is selected. b. In the "Prompt for compliance" drop-down list, verify "Immediate enforcement action" is selected. c. In the "Enforcement action for device" drop-down list, verify "Untrust" is selected. d. In the "Enforcement action for BlackBerry Dynamics apps" drop-down list, verify "Do not allow BlackBerry Dynamics apps to run" is selected. If any required compliance actions for insecure network detection for mobile devices has not been implemented, this is a finding.
Configure the following compliance actions when insecure networks are detected: -Block device from network connection and insecure Wi-Fi access points. -Block access to BlackBerry Dynamics apps. 1. Log on to the BlackBerry UEM console. 2. In the management console on the menu bar, click Policies and profiles >> Compliance >> Compliance. 3. Create a new compliance profile or select and edit an existing compliance profile. 4. Configure compliance actions for insecure network detection. a. On both the iOS and Android tabs, in the BlackBerry Protect section, select the "Insecure network detected" check box. b. Configure the behavior prompt settings: Prompt for compliance: "Immediate enforcement action". c. In the "Enforcement action for device" drop-down list, select the following: "Untrust" (Android only). d. In the "Enforcement action for BlackBerry Dynamics apps" drop-down list, select the following: "Do not allow BlackBerry Dynamics apps to run". 5. Configure compliance actions for insecure Wi-Fi access point detection (Android only). a. On the Android tab in the BlackBerry Protect section, select the "Insecure Wi-Fi network detected" check box. b. Configure the behavior prompt settings: Prompt for compliance: "Immediate enforcement action". c. In the "Enforcement action for device" drop-down list, select the following: "Untrust". d. In the "Enforcement action for BlackBerry Dynamics apps" drop-down list, select the following: "Do not allow BlackBerry Dynamics apps to run". 6. Click "Save". 7. Assign the profile to users.
Verify the following compliance actions for BlackBerry Dynamics apps are configured when there is an iOS device integrity violation: -Prompt for compliance: Immediate enforcement action. -Prevent the user from accessing BlackBerry Dynamics apps while the device is out of compliance. 1. Log on to the BlackBerry UEM console. 2. In the management console on the menu bar, click Policies and profiles >> Compliance >> Compliance. 3. View the appropriate compliance profile (have the site system administrator identify the profile). 4. On the iOS tab in the BlackBerry Protect section, verify the "App integrity failed" check box is selected. 5. In the "Prompt for compliance" drop-down list verify "Immediate enforcement action" is selected 6. In the "Enforcement action for BlackBerry Dynamics apps" drop-down list, verify "Do not allow BlackBerry Dynamics apps to run" is selected. If required compliance actions for integrity violations for BlackBerry Dynamics apps on iOS devices are not enabled, this is a finding.
Configure the following compliance actions for iOS device integrity violations for BlackBerry Dynamics apps: -Prompt for compliance: Immediate enforcement action. -Prevent the user from accessing BlackBerry Dynamics apps while the device is out of compliance. 1. Log on to the BlackBerry UEM console. 2. In the management console on the menu bar, click Policies and profiles >> Compliance >> Compliance. 3. Create a new compliance profile or select and edit an existing compliance profile. 4. On the iOS tab in the BlackBerry Protect section, select the "App integrity failed" check box. 5. Configure the behavior prompt settings: Prompt for compliance: "Immediate enforcement action". 6. In the "Enforcement action for BlackBerry Dynamics apps" drop-down list, choose the following: "Do not allow BlackBerry Dynamics apps to run". 7. Click "Add" or "Save". 8. Assign the profile to users and groups.
Verify the following Android security patch compliance and hardware certificate attestation controls are enabled for CylancePROTECT Mobile: -"Android hardware attestation frequency" = 6 hours. -"Device grace period" = 3 days (72 hours). -"Challenge frequency for noncompliant devices = 1 day (24 hours). 1. Log on to the BlackBerry UEM console. 2. In the management console, click Settings >> General Settings >> Attestation. 3. In the "Android hardware attestation frequency" section, select verify "Enable hardware patch level attestation challenges for Android devices" is selected. 4. In the "Challenge frequency" drop-down list, verify the device attestation response is set to "1 day" (24 hours). 5. In the "Device grace period drop-down" list, verify the grace period is set to "3 days" (72 hours). 6. In the "Challenge frequency for noncompliant devices" field, verify the frequency UEM tests the integrity of devices that are not currently in compliance is set to "6 hours". If required Android security patch compliance and hardware certificate attestation controls are not enabled, this is a finding.
Configure the following Android security patch compliance and hardware certificate attestation controls: -"Android hardware attestation frequency" = 6 hours. -"Device grace period" = 3 days (72 hours). -"Challenge frequency for noncompliant devices" = 1 day (24 hours). 1. Log on to the BlackBerry UEM console. 2. In the management console, click Settings >> General Settings >> Attestation. 3. In the "Android hardware attestation frequency" section, select "Enable hardware patch level attestation challenges for Android devices" checkbox. 4. in the "Challenge frequency" drop-down list, set the device must return an attestation response to "1 day" (24 hours). 5. In the Device grace period drop-down list, set the grace period to "3 days" (72 hours). 6. In the Challenge frequency for noncompliant devices field, set how often UEM tests the integrity of devices that are not currently in compliance to "6 hours". 7. Click "Save".
Verify the following compliance actions when an Android device fails security patch compliance and attestation have been configured: -Prompt behavior: Immediate enforcement action. -Enforcement action for device: Select either "Untrust", "Delete only work data", or "Delete all data". -Enforcement action for BlackBerry Dynamics apps: Select either "Do not allow BlackBerry Dynamics apps to run" or "Delete BlackBerry Dynamics apps data". 1. Log on to the BlackBerry UEM console. 2. In the management console on the menu bar, click Policies and profiles >> Compliance >> Compliance. 3. Select the appropriate compliance profile (have the site system administrator identify the profile). 4. On the Android tab, verify "Required security patch level is not installed" check box has been selected. 5. Verify for "Prompt behavior" "Immediate enforcement action" has been selected. 6. Verify for "Enforcement action for device" either "Untrust", "Delete work data only", or "Delete all data" has been selected. 7. Verify for "Enforcement action for BlackBerry Dynamics apps" either "Do not allow BlackBerry Dynamics apps to run" or "Delete BlackBerry Dynamics apps data" has been selected. If required compliance actions when an Android device fails security patch compliance and attestation have not been configured, this is a finding.
Configure the following compliance actions when an Android device fails security patch compliance and attestation: -Prompt behavior: Immediate enforcement action. -Enforcement action for device: Select either "Untrust", "Delete only work data", or "Delete all data". -Enforcement action for BlackBerry Dynamics apps: Select either "Do not allow BlackBerry Dynamics apps to run" or "Delete BlackBerry Dynamics apps data". 1. Log on to the BlackBerry UEM console. 2. In the management console on the menu bar, click Policies and profiles >> Compliance >> Compliance. 3. Create a new compliance profile or select and edit an existing compliance profile. 4. On the Android tab, select the "Required security patch level is not installed" check box. Add the required device models and corresponding security patches. 5. For "Prompt behavior", select "Immediate enforcement action". 6. For "Enforcement action for device" select either "Untrust", "Delete work data only", or "Delete all data". 7. For "Enforcement action for BlackBerry Dynamics apps", select either "Do not allow BlackBerry Dynamics apps to run" or "Delete BlackBerry Dynamics apps data". 8. Click "Add" or "Save". 9. Assign the profile to users and groups.
Verify the following compliance actions when a hardware attestation failure occurs have been configured (Android only): -Prompt for compliance: Immediate enforcement action. -Enforcement action for BlackBerry Dynamics apps: Do not allow BlackBerry Dynamics apps to run. 1. Log on to the BlackBerry UEM console. 2. In the management console on the menu bar, click Policies and profiles >> Compliance >> Compliance. 3. Select the appropriate compliance profile (have the site system administrator identify the profile). 4. On the Android tab in the BlackBerry Protect section, verify the "Hardware attestation failed" box is checked. 5. In the "Prompt for compliance" drop-down list, verify "Immediate enforcement action" is selected. 6. In the "Enforcement action for BlackBerry Dynamics apps" drop-down list, verify "Do not allow BlackBerry Dynamics apps to run" is selected. If required compliance actions when a hardware attestation failure occurs have not been configured, this is a finding.
Configure the following compliance actions when a hardware attestation failure occurs (Android only): -Prompt for compliance: Immediate enforcement action. -Enforcement action for BlackBerry Dynamics apps: Do not allow BlackBerry Dynamics apps to run. 1. Log on to the BlackBerry UEM console. 2. In the management console on the menu bar, click Policies and profiles >> Compliance >> Compliance. 3. Create a new compliance profile or select and edit an existing compliance profile. 4. On the Android tab in the BlackBerry Protect section, select the "Hardware attestation failed" check box. 5. Configure the behavior prompt settings: Prompt for compliance: "Immediate enforcement action". 6. Configure other prompt settings (method, count, and interval) as desired (no required selections). 7. In the "Enforcement action for BlackBerry Dynamics apps" drop-down list, select "Do not allow BlackBerry Dynamics apps to run". 8. Click "Add" or "Save". 9. Assign the profile to users and groups.
Verify the following compliance actions are enabled when a hardware attestation certificate failure occurs (Android only): -Minimum security level required: "Trusted Environment" or "StrongBox". -Prompt behavior: "Immediate enforcement action". -Enforcement action for BlackBerry Dynamics apps: "Do not allow BlackBerry Dynamics apps to run". 1. Log on to the BlackBerry UEM console. 2. In the management console on the menu bar, click Policies and profiles >> Compliance >> Compliance. 3. Select the appropriate compliance profile (have the site system admin identify the profile). 4. On the Android tab in the BlackBerry Protect section, verify "Hardware attestation security level" has been selected. 5. In the "Minimum security level required" drop-down list, verify either "Trusted Environment" or "StrongBox" is selected. 6. In the "Prompt behavior" drop-down list, verify "Immediate enforcement action" is selected. 7. In the "Enforcement action for BlackBerry Dynamics apps" drop-down list, verify "Do not allow BlackBerry Dynamics apps to run" is selected. If required compliance actions are not enabled when a hardware attestation certificate failure occurs, this is a finding.
Configure the following compliance actions when a hardware attestation certificate failure occurs (Android only): -Minimum security level required: "Trusted Environment" or "StrongBox". -Prompt behavior: "Immediate enforcement action". -Enforcement action for BlackBerry Dynamics apps: "Do not allow BlackBerry Dynamics apps to run". 1. Log on to the BlackBerry UEM console. 2. In the management console on the menu bar, click Policies and profiles >> Compliance >> Compliance. 3. Create a new compliance profile or select and edit an existing compliance profile. 4. On the Android tab in the BlackBerry Protect section, select the "Hardware attestation security level" check box. 5. In the "Minimum security level required" drop-down list, select either "Trusted Environment" or "StrongBox". 6. In the "Prompt behavior" drop-down list, select "Immediate enforcement action". 7. In the "Enforcement action for BlackBerry Dynamics apps" drop-down list, select "Do not allow BlackBerry Dynamics apps to run". 8. Click "Add" or "Save". 9. Assign the profile to users and groups.
Verify the following compliance actions when a hardware attestation boot state failure occurs are configured (Android only): -Prompt behavior: "Immediate enforcement action". -Enforcement action for BlackBerry Dynamics apps: "Do not allow BlackBerry Dynamics apps to run". 1. Log on to the BlackBerry UEM console. 2. In the management console on the menu bar, click Policies and profiles >> Compliance >> Compliance. 3. Select the appropriate compliance profile (have the site system administrator identify the profile). 4. On the Android tab in the BlackBerry Protect section, verify the "Hardware attestation boot state is unverified" is selected. 5. In the "Prompt behavior" drop-down list, verify "Immediate enforcement action" is selected. 6. In the "Enforcement action for BlackBerry Dynamics apps" drop-down list, verify "Do not allow BlackBerry Dynamics apps to run" is selected. If required compliance actions when a hardware attestation boot state failure occurs are not configured, this is a finding.
Configure the following compliance actions when a hardware attestation boot state failure occurs (Android only): -Prompt behavior:" Immediate enforcement action". -Enforcement action for BlackBerry Dynamics apps: "Do not allow BlackBerry Dynamics apps to run". 1. Log on to the BlackBerry UEM console. 2. In the management console on the menu bar, click Policies and profiles >> Compliance >> Compliance. 3. Create a new compliance profile or select and edit an existing compliance profile. 4. On the Android tab in the BlackBerry Protect section, select the "Hardware attestation boot state is unverified" check box. 5. In the "Prompt behavior" drop-down list, select "Immediate enforcement action". 6. In the "Enforcement action for BlackBerry Dynamics apps" drop-down list, select "Do not allow BlackBerry Dynamics apps to run". 7. Click "Add" or "Save". 8. Assign the profile to users and groups.
Verify anonymous data collection by BlackBerry for both iOS and Android devices has been disabled by CylancePROTECT Mobile: 1. Log on to the BlackBerry UEM console. 2. In Policies and profiles >> Protection >> BlackBerry Protect, select a BlackBerry Protect profile. 3. On the iOS tab, in the "Statistics collection" section, verify "Allow collection of anonymized statistics from devices to improve the performance of BlackBerry Protect" check box has not been selected. 4. On the Android tab, in the "Statistics collection" section, verify the "Allow collection of anonymized statistics from devices to improve the performance of BlackBerry Protect" check box has not been selected. If CylancePROTECT Mobile has not disabled anonymous data collection by BlackBerry for both iOS and Android devices, this is a finding.
Disable CylancePROTECT Mobile anonymous data collection by BlackBerry for both iOS and Android devices: 1. Log on to the BlackBerry UEM console. 2. In Policies and profiles >> Protection >> BlackBerry Protect, select and edit a BlackBerry Protect profile. 3. On the iOS tab, in the "Statistics collection" section, clear the "Allow collection of anonymized statistics from devices to improve the performance of BlackBerry Protect" check box. 4. On the Android tab, in the "Statistics collection" section, clear the "Allow collection of anonymized statistics from devices to improve the performance of BlackBerry Protect" check box. 5. Click "Save".
Verify SMS text message scanning has been configured as required (iOS only): 1. Log on to the BlackBerry UEM console. 2. In the management console on the menu bar, click Policies and profiles >> Protection >> BlackBerry Protect. 3. Open the BlackBerry Protect profile (have the site system administrator identify the profile from the list). 4. Select the iOS platform. 5. Verify that the "Enable message scanning" check box is selected. 6. Verify in the Scanning option drop-down list, one of the following has been selected AND "No scanning" is not selected: -"Cloud scanning". -"On device scanning". If SMS text message scanning for iOS devices is not configured as required, this is a finding.
Configure SMS text message scanning (iOS only). 1. Log on to the BlackBerry UEM console. 2. In the management console on the menu bar, click Policies and profiles >> Protection >> BlackBerry Protect. 3. Open the BlackBerry Protect profile or create a new profile. 4. Select the iOS platform. 5. Verify that the "Enable message scanning" check box is selected. 6. In the Scanning option drop-down list, choose one of the following only (do not choose "No scanning"): "Cloud scanning" or "On device scanning". 7. Click "Save". 8. Assign the profile to users and groups.