
BlackBerry 10 OS, for PKI-based authentication, must validate certificates by querying the certification authority for revocation status of the certificate.


Overview

Finding ID: V-47233

Version: BB10-2X-002160

Rule ID: SV-60105r2_rule

IA Controls: none listed

Severity: Low

Description
Status information for certification paths includes certificate revocation lists (CRLs) or Online Certificate Status Protocol (OCSP) responses. Failure to verify a certificate's revocation status can result in the system accepting a revoked or otherwise unauthorized certificate, resulting in installation of unauthorized software or connection to rogue networks. Querying for certificate revocation mitigates the risk that the system will accept an unauthorized certificate.

STIG: BlackBerry 10.2.x OS Security Technical Implementation Guide

Date: 2015-07-02

Details

Check Text (C-50059r2_chk)
On BlackBerry Device Service, navigate to "Devices >> Device settings >> Certificate retrieval settings >> Edit Settings >> OCSP" and verify the "Service URL" field is populated with the correct value.

Otherwise, this is a finding.

Fix Text (F-50937r2_fix)
On BlackBerry Device Service, navigate to "Devices >> Device settings >> Certificate retrieval settings >> Edit Settings >> OCSP" and set the "Service URL" field to the appropriate URL of the OCSP server.