BlackBerry 10.2.x OS Security Technical Implementation Guide


Overview

Date: 2014-06-13
Finding Count (34): CAT I (High): 5, CAT II (Med): 25, CAT III (Low): 4

STIG Description
Developed by BlackBerry Ltd. in coordination with DISA for use in the DoD. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.letterkenny.FSO.mbx.stig-customer-support-mailbox@mail.mil.

Findings (MAC III - Administrative Sensitive)

Finding ID Severity Title
V-47185 High BlackBerry 10 OS must prevent a user from installing unapproved applications in the Work Space.
V-47201 High BlackBerry 10 OS must grant a downloaded application only the permissions the AO has authorized for that application.
V-47203 High The BlackBerry 10 OS Work Space must only install and use DoD PKI issued or DoD approved software authentication certificates.
V-47183 High BlackBerry 10 OS must prevent a user from installing unapproved applications.
V-47187 High BlackBerry 10 OS must prevent a user from installing unapproved applications from other sources.
V-47221 Medium BlackBerry 10 OS must employ mobile device management services to centrally manage Wi-Fi profiles.
V-47181 Medium BlackBerry 10 OS must enforce a minimum length for the Work Space unlock password.
V-47227 Medium BlackBerry 10 OS must prohibit wireless remote access connection for media sharing.
V-47225 Medium BlackBerry 10 OS must prohibit wireless remote access connection for storage.
V-47197 Medium BlackBerry 10 OS must have access to DoD root and intermediate PKI certificates when performing DoD PKI related transactions.
V-47223 Medium BlackBerry 10 OS must employ mobile device management services to centrally manage VPN profiles.
V-47207 Medium BlackBerry 10 OS must be updated to the latest approved version of the operating system.
V-47209 Medium BlackBerry 10 OS must prevent a user from using a browser that does not direct its traffic to a DoD proxy server.
V-47191 Medium BlackBerry 10 OS's Wi-Fi module must use EAP-TLS authentication when authenticating to DoD WLAN authentication servers.
V-47175 Medium BlackBerry 10 OS must lock the Work Space after no more than 15 minutes of inactivity.
V-47199 Medium BlackBerry 10 OS must block both the inbound and outbound traffic between instant messaging clients that are independently configured by end users and external service providers or other unapproved DoD systems.
V-47171 Medium BlackBerry 10 OS must retain the lock on the Work Space until the user reestablishes access using established identification and authentication procedures.
V-47231 Medium BlackBerry 10 OS device lock, when activated on a device, must place a publicly viewable pattern onto the associated display, hiding what was previously visible on the screen.
V-47219 Medium BlackBerry 10 OS must employ mobile device management services to centrally manage email settings.
V-47177 Medium BlackBerry 10 OS must prevent applications from extending the Work Space password lock time.
V-47169 Medium BlackBerry 10 OS must display the DoD warning banner exactly as specified at startup device unlock.
V-47193 Medium BlackBerry 10 OS VPN client must employ DoD PKI approved mechanisms for authentication when connecting to DoD networks.
V-47189 Medium BlackBerry 10 OS must only permit download of software from a DoD approved source (e.g., DoD operated mobile device application store or MDM server).
V-48597 Medium BlackBerry 10 OS's VPN client must use either IPsec or SSL/TLS when connecting to DoD networks.
V-47173 Medium BlackBerry 10 OS must retain the device lock until the user reestablishes access using established identification and authentication procedures.
V-47205 Medium The BlackBerry 10 OS Work Space must only install and use DoD PKI issued or DoD approved server authentication certificates.
V-47217 Medium BlackBerry 10 OS must employ mobile device management services to centrally manage IT Policies.
V-47215 Medium BlackBerry 10 OS maximum number of consecutive unsuccessful unlock attempts must be less than 10.
V-47213 Medium BlackBerry 10 OS must prevent a user from using a browser that does not direct its traffic to a DoD proxy server.
V-47211 Medium BlackBerry 10 OS must use a DoD proxy server.
V-47229 Low BlackBerry 10 OS must enable a system administrator to (i) select which data fields will be available to applications outside of the contact database application and (ii) limit the number of contact database fields accessible outside of a work persona in the case of dual persona phones.
V-47179 Low BlackBerry 10 OS must synchronize the internal clock on an organizationally-defined periodic basis with an authoritative time server or the Global Positioning System.
V-47237 Low BlackBerry 10 OS must prevent DoD applications from accessing non-DoD data when the device supports multiple user environments (e.g., work and personal) if such access has not been approved.
V-47233 Low BlackBerry 10 OS, for PKI-based authentication must validate certificates by querying the certification authority for revocation status of the certificate.