
BlackBerry 10 OS VPN client must employ DoD approved PKI mechanisms for authentication when connecting to DoD networks.


Overview

Finding ID: BB10-00-000250
Version: BB10-00-000250
Rule ID: BB10-00-000250_rule
IA Controls:
Severity: Medium
Description
VPNs are vulnerable to attack if they are not supported by strong authentication. An adversary who can compromise the authentication process may be able to gain access to network resources and sensitive information. Common Access Card (CAC) authentication is a strong cryptographic two-factor authentication method that greatly mitigates the risk of VPN authentication breaches. Other DoD-approved PKI mechanisms provide similar levels of assurance.
STIG Date
BlackBerry 10 OS STIG 2013-05-03

Details

Check Text (C-BB10-00-000250_chk)
Navigate to "Settings -> Network Connections -> VPN". Select "Edit" to edit a VPN Profile. For each VPN Profile connecting to DoD networks:
- Select the VPN Profile to edit.
- Ensure "Authentication Type" is set to "PKI" or "XAUTH-PKI" and grayed out. Otherwise, this is a finding.

NOTE: If the VPN Profile listed under "Settings -> Network Connections -> VPN" has a briefcase logo on the right side, it is created on BlackBerry Device Service and published to the device. "Authentication Type" for this VPN Profile will be grayed out and enforced.
Fix Text (F-BB10-00-000250_fix)
On BlackBerry Device Service, select the applicable VPN Profile and set "Authentication Type" to "PKI" or "XAUTH-PKI".