Only DoD PKI issued or DoD approved software authentication certificates may be installed on the work space of the BlackBerry 10 OS.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
BB10-00-000310	BB10-00-000310	BB10-00-000310_rule		High

Description
If unauthorized software authentication certificates are installed on the device, then the operating system would not block malware signed by the entity that published these certificates. Such malware could be used to obtain sensitive DoD information or to further breach system security. Eliminating unapproved software authentication certificates greatly mitigates the risk of malware passing authentication controls.

Description

If unauthorized software authentication certificates are installed on the device, then the operating system would not block malware signed by the entity that published these certificates. Such malware could be used to obtain sensitive DoD information or to further breach system security. Eliminating unapproved software authentication certificates greatly mitigates the risk of malware passing authentication controls.

STIG	Date
BlackBerry 10 OS STIG	2013-05-03

Details

Check Text ( C-BB10-00-000310_chk )
Navigate to "Settings -> Security and Privacy -> Certificates", and throughout different enterprise certificate stores ("Enterprise Root Certificates", "Enterprise Intermediate Certificates", and "Enterprise Client Certificates"), ensure the certificates listed are DoD PKI issued or DoD approved. The presence of any non approved certificates is a finding.

Fix Text (F-BB10-00-000310_fix)
On BlackBerry Device Service server, remove the corresponding .pem file from :\\Shared\Certificates\ folder.