BlackBerry 10 OS must block both the inbound and outbound traffic between instant messaging clients that are independently configured by end users and external service providers or other unapproved DoD systems.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-47199 | BB10-2X-000290 | SV-60071r4_rule | Medium |
| Description |
|---|
| Many instant messaging systems have known vulnerabilities, some of which allow an adversary to install malware on the device. This malware can then be used to obtain sensitive information or further compromise DoD information systems. Restricting IM traffic to DoD-authorized IM systems mitigates the risk of using IM technology. |
| STIG | Date |
|---|---|
| BlackBerry 10.2.x OS Security Technical Implementation Guide | 2015-07-02 |
Details
| Check Text ( C-50025r3_chk ) |
|---|
| On BlackBerry Device Service, in the BlackBerry Administration Service, on the BlackBerry solution management menu, expand "Software >> Applications >> Manage applications". If there are any unauthorized instant messaging systems listed, this is a finding. |
| Fix Text (F-50903r2_fix) |
|---|
| On BlackBerry Device Service: In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand "Software >> Applications >> Manage applications". Delete the unauthorized IM system application. |