BlackBerry 10 OS must only permit downloading of software from a DoD-approved source (e.g., DoD-operated mobile device application store or MDM server).

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-47189	BB10-2X-000230	SV-60061r3_rule		Medium

Description
DoD can perform due diligence on sources of software to mitigate the risk that malicious software is introduced to those sources. Therefore, if software is downloaded from a DoD-approved source, then it is less likely to be malicious than if it is downloaded from an unapproved source. To prevent access to unapproved sources, the operating system, in most cases, can be configured to disable user access to public application stores. However, in some cases, DoD may approve downloads directly from the OS vendor.

Description

DoD can perform due diligence on sources of software to mitigate the risk that malicious software is introduced to those sources. Therefore, if software is downloaded from a DoD-approved source, then it is less likely to be malicious than if it is downloaded from an unapproved source. To prevent access to unapproved sources, the operating system, in most cases, can be configured to disable user access to public application stores. However, in some cases, DoD may approve downloads directly from the OS vendor.

STIG	Date
BlackBerry 10.2.x OS Security Technical Implementation Guide	2015-07-02

Details

Check Text ( C-50015r1_chk )
From the Work Space, open "BlackBerry World - Work" and select "Public". If any apps are listed under "Public", this is a finding.

Fix Text (F-50893r2_fix)
On BlackBerry Device Service, on the BlackBerry solution management menu, expand "Software >> Applications", click "Manage applications", and delete all applications under "BlackBerry World Applications".