Installation guide

BlackBerry Enterprise Solution 63
IT policy rule: Secure Wipe if Low Battery
Description: Set this IT policy rule to require that, if the BlackBerry device battery power is insufficient to receive IT policy updates or IT administration commands, the BlackBerry device permanently deletes its user and application data.

The BlackBerry device wipe process is designed to delete all data in memory and overwrite memory with zeroes.
If content protection is turned on, the BlackBerry device also uses a memory scrub process to overwrite the
BlackBerry device flash memory file system. The BlackBerry memory scrub process complies with United States
government requirements for clearing sensitive user data, including Department of Defense directive 5220.22-M
and National Institute of Standards and Technology Special Publication 800-88.
When the BlackBerry device permanently deletes its stored user and application data, it also performs the
following actions:

BlackBerry device action: delete the master encryption key
Description: The BlackBerry device deletes its references to the master encryption key in memory.

BlackBerry device action: unbind the IT policy
Description: The BlackBerry device deletes the IT policy public key from its NV store so that it can receive a new IT policy and digitally signed IT policy public key from a BlackBerry Enterprise Server. The BlackBerry device does not delete its stored IT policy.

BlackBerry device action: unbind the smart card (if applicable)
Description: The BlackBerry device deletes the smart card binding information from the NV store so that a user can authenticate with the BlackBerry device using a new smart card.

For more information, see “Appendix D: BlackBerry device wipe process” on page 74.
Remotely resetting a BlackBerry device to factory default settings
The BlackBerry Enterprise Server administrator can use the Remote Wipe Reset to Factory Defaults IT policy rule
to require the BlackBerry device to return to factory default settings when it receives the Erase Data and Disable
Handheld IT administration command over the wireless network. When the BlackBerry Enterprise Server
administrator sets this rule to True and sends the Erase Data and Disable Handheld IT administration command
to the BlackBerry device from the BlackBerry Manager, the BlackBerry device performs the following actions:
- permanently deletes its stored IT policy
- permanently deletes all third-party applications
- permanently deletes all user data

Erasing all data and applications from the BlackBerry device memory over a physical connection
A BlackBerry device is designed to erase its user and application data and all applications when it is physically
connected to a computer and any of the following events occur:
- The BlackBerry device user runs the application loader tool in the BlackBerry Desktop Software and types
  the password incorrectly more times than the Set Maximum Password Attempts IT policy rule allows in the
  application loader tool prompt. (The default is ten attempts.)
  The BlackBerry device user can also use the application loader tool in the BlackBerry Desktop Software to
  erase all user and application data on the BlackBerry device, but choose not to erase the BlackBerry device
  applications.
- The BlackBerry Enterprise Server administrator clicks Wipe Handheld File System in the BlackBerry
  Manager. This option deletes all data and applications from the BlackBerry device even if the service books