UCF STIG Viewer Logo

The BlackBerry 10 OS Work Space must only install and use DoD PKI-issued or DoD-approved server authentication certificates.


Overview

Finding ID Version Rule ID IA Controls Severity
V-47205 BB10-2X-000320 SV-60077r3_rule Medium
Description
If unauthorized device authentication certificates are installed on the device, there is the potential that the device may connect to a rogue device or network. Rogue devices can mimic the behavior of authorized equipment to trick the user into providing authentication credentials, which could then in turn be used to compromise DoD information and networks. Restricting device authentication certificates to an authorized list mitigates the risk of attaching to rogue devices and networks.
STIG Date
BlackBerry 10.2.x OS Security Technical Implementation Guide 2015-07-02

Details

Check Text ( C-50031r3_chk )
From the Work Space, navigate to "Settings >> Security and Privacy >> Certificates", and throughout different enterprise certificate stores ("Enterprise Root Certificates", "Enterprise Intermediate Certificates", and "Enterprise Client Certificates").

Verify the certificates listed originated from the BDS server.

If the certificates do not originate from a DoD BDS server, this is a finding.

NOTE: Certificates in stores other than enterprise certificate stores do not apply.
Fix Text (F-50909r2_fix)
On BlackBerry Device Service, remove the corresponding .pem file from this folder:
:\\Shared\Certificates\