I’ve previously gotten the following reply from development/support at the end of 2018…
“The .HostIDAccess.read and .HostIDAccess.write files contain no data. They are used cooperatively to gate access to files that may be changed by multiple BES components. Some of those BES components may be running as non-root processes. An alternative to allowing all access would be to create a BES group and make sure all BES component processes belong to that group, then limit access to root and the BES group. There is no way to force that in the current release.”
It keeps getting flagged in our environment as well as a violation of configuration rules. Ideally this would be fixed (aka create the group as part of the client installation so this isn’t needed).