
BlackBerry 10.2.x OS Security Technical Implementation Guide


Overview

Date: 2015-07-02
Finding Count (28): CAT I (High): 3, CAT II (Med): 22, CAT III (Low): 3
STIG Description
Developed by BlackBerry Ltd. in coordination with DISA for use in the DoD. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil.




Findings (MAC II - Mission Support Sensitive)

Finding ID Severity Title
V-47201 High BlackBerry 10 OS must grant a downloaded application only the permissions the AO has authorized for that application.
V-47203 High The BlackBerry 10 OS Work Space must only install and use DoD PKI-issued or DoD-approved software authentication certificates.
V-47185 High BlackBerry 10 OS must prevent a user from installing unapproved applications in the Work Space.
V-47221 Medium BlackBerry 10 OS must employ mobile device management services to centrally manage Wi-Fi profiles.
V-47197 Medium BlackBerry 10 OS must have access to DoD root and intermediate PKI certificates when performing DoD PKI-related transactions.
V-47223 Medium BlackBerry 10 OS must employ mobile device management services to centrally manage VPN profiles.
V-47177 Medium BlackBerry 10 OS must prevent applications from extending the Work Space password lock time.
V-47191 Medium BlackBerry 10 OS's Wi-Fi module must use EAP-TLS authentication when authenticating to DoD WLAN authentication servers.
V-47175 Medium BlackBerry 10 OS must lock the Work Space after no more than 15 minutes of inactivity.
V-47173 Medium BlackBerry 10 OS must retain the device lock until the user reestablishes access using established identification and authentication procedures.
V-47171 Medium BlackBerry 10 OS must retain the lock on the Work Space until the user reestablishes access using established identification and authentication procedures.
V-47231 Medium BlackBerry 10 OS device lock, when activated on a device, must place a publicly viewable pattern onto the associated display, hiding what was previously visible on the screen.
V-47207 Medium BlackBerry 10 OS must be updated to the latest approved version of the operating system.
V-47169 Medium BlackBerry 10 OS must display the DoD warning banner exactly as specified at start-up device unlock.
V-47219 Medium BlackBerry 10 OS must employ mobile device management services to centrally manage email settings.
V-47193 Medium BlackBerry 10 OS VPN client must employ DoD PKI-approved mechanisms for authentication when connecting to DoD networks.
V-47215 Medium BlackBerry 10 OS maximum number of consecutive unsuccessful unlock attempts must be less than 10.
V-48597 Medium BlackBerry 10 OS's VPN client must use either IPsec or SSL/TLS when connecting to DoD networks.
V-47199 Medium BlackBerry 10 OS must block both the inbound and outbound traffic between instant messaging clients that are independently configured by end users and external service providers or other unapproved DoD systems.
V-47205 Medium The BlackBerry 10 OS Work Space must only install and use DoD PKI-issued or DoD-approved server authentication certificates.
V-47183 Medium BlackBerry 10 OS must prevent a user from installing unapproved applications.
V-47181 Medium BlackBerry 10 OS must enforce a minimum length for the Work Space unlock password.
V-47187 Medium BlackBerry 10 OS must prevent a user from installing unapproved applications from other sources.
V-47217 Medium BlackBerry 10 OS must employ mobile device management services to centrally manage IT Policies.
V-47189 Medium BlackBerry 10 OS must only permit downloading of software from a DoD-approved source (e.g., DoD-operated mobile device application store or MDM server).
V-47229 Low BlackBerry 10 OS must enable a system administrator to (i) select which data fields will be available to applications outside of the contact database application and (ii) limit the number of contact database fields accessible outside of a work persona in the case of dual persona phones.
V-47179 Low BlackBerry 10 OS must synchronize the internal clock on an organizationally-defined periodic basis with an authoritative time server or the Global Positioning System.
V-47233 Low BlackBerry 10 OS, for PKI-based authentication, must validate certificates by querying the certification authority for revocation status of the certificate.