BlackBerry 10 OS's Wi-Fi module must use EAP-TLS authentication when authenticating to DoD WLAN authentication servers.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
BB10-00-000240	BB10-00-000240	BB10-00-000240_rule		Medium

Description
Without strong mutual authentication, a mobile device may connect to an unauthorized network. In many cases, the user may falsely believe that the device is connected to an authorized network and then provide authentication credentials and other sensitive information. EAP-TLS is strong mutual authentication, leveraging a public key infrastructure. Its use greatly mitigates risk associated with authentication transactions.

Description

Without strong mutual authentication, a mobile device may connect to an unauthorized network. In many cases, the user may falsely believe that the device is connected to an authorized network and then provide authentication credentials and other sensitive information. EAP-TLS is strong mutual authentication, leveraging a public key infrastructure. Its use greatly mitigates risk associated with authentication transactions.

STIG	Date
BlackBerry 10 OS STIG	2013-05-03

Details

Check Text ( C-BB10-00-000240_chk )
Navigate to "Settings -> Network Connections -> Wi-Fi -> Saved" and select a Wi-Fi profile to check. Ensure "Security Type" is set to "WPA Enterprise" or "WPA2 Enterprise" and "Security Sub Type" is set to "EAP-TLS". These options should be grayed out. Otherwise, this is a finding.

Fix Text (F-BB10-00-000240_fix)
On BlackBerry Device Service, select the affected Wi-Fi Profile, and set "Security Type" to "WPA Enterprise" or "WPA2 Enterprise", and "Security Sub Type" to "EAP-TLS".