BlackBerry 10 OSs VPN client must use either IPsec or SSL/TLS when connecting to DoD networks.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-48597	BB10-2X-000270	SV-61473r2_rule		Medium

Description
Use of non-standard communications protocols can affect both the availability and confidentiality of communications. IPsec and SSL/TLS are both well-known and tested protocols that provide strong assurance with respect to both IA and interoperability.

STIG	Date
BlackBerry 10.2.x OS Security Technical Implementation Guide	2015-07-02

Details

Check Text ( C-50923r2_chk )
From either the Work Space or Personal Space, navigate to "Settings >> Network Connections >> VPN". Select "Edit" to edit a VPN Profile. For each VPN Profile connecting to DoD networks: - Select the VPN Profile to edit. - Ensure "Gateway Type" is set to a type which supports and utilizes IPsec and SSL/TLS. Otherwise, this is a finding. NOTE: If no VPN profiles are saved, this requirement is NA.

Check Text ( C-50923r2_chk )

From either the Work Space or Personal Space, navigate to "Settings >> Network Connections >> VPN".

Select "Edit" to edit a VPN Profile.

For each VPN Profile connecting to DoD networks:

- Select the VPN Profile to edit.
- Ensure "Gateway Type" is set to a type which supports and utilizes IPsec and SSL/TLS.

Otherwise, this is a finding.

NOTE: If no VPN profiles are saved, this requirement is NA.

Fix Text (F-52203r1_fix)
On BlackBerry Device Service, select the affected VPN Profile for edit, and set "Gateway Type" to a type which supports and utilizes IPsec and SSL/TLS.