The BlackBerry 10 OS Work Space must only install and use DoD PKI-issued or DoD-approved software authentication certificates.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-47203 | BB10-2X-000310 | SV-60075r3_rule | High |
| Description |
|---|
| If unauthorized software authentication certificates are installed on the device, then the operating system would not block malware signed by the entity that published these certificates. Such malware could be used to obtain sensitive DoD information or to further breach system security. Eliminating unapproved software authentication certificates greatly mitigates the risk of malware passing authentication controls. |
| STIG | Date |
|---|---|
| BlackBerry 10.2.x OS Security Technical Implementation Guide | 2015-07-02 |
Details
| Check Text ( C-50029r3_chk ) |
|---|
| From the Work Space, navigate to "Settings >> Security and Privacy >> Certificates", and throughout different enterprise certificate stores ("Enterprise Root Certificates", "Enterprise Intermediate Certificates", and "Enterprise Client Certificates"). Verify the certificates listed originated from the BDS server. If the certificates do not originate from a DoD BDS server, this is a finding. NOTE: Certificates in stores other than enterprise certificate stores do not apply. |
| Fix Text (F-50907r2_fix) |
|---|
| On BlackBerry Device Service, remove the corresponding .pem file from this folder: |