Only DoD PKI issued or DoD approved server authentication certificates may be installed on the work space of the BlackBerry 10 OS.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
BB10-00-000320	BB10-00-000320	BB10-00-000320_rule		Medium

Description
If unauthorized device authentication certificates are installed on the device, there is the potential that the device may connect to a rogue device or network. Rogue devices can mimic the behavior of authorized equipment to trick the user into providing authentication credentials, which could then in turn be used to compromise DoD information and networks. Restricting device authentication certificates to an authorized list mitigates the risk of attaching to rogue devices and networks.

Description

If unauthorized device authentication certificates are installed on the device, there is the potential that the device may connect to a rogue device or network. Rogue devices can mimic the behavior of authorized equipment to trick the user into providing authentication credentials, which could then in turn be used to compromise DoD information and networks. Restricting device authentication certificates to an authorized list mitigates the risk of attaching to rogue devices and networks.

STIG	Date
BlackBerry 10 OS STIG	2013-05-03

Details

Check Text ( C-BB10-00-000320_chk )
Navigate to "Settings -> Security and Privacy -> Certificates", and throughout different enterprise certificate stores ("Enterprise Root Certificates", "Enterprise Intermediate Certificates", and "Enterprise Client Certificates"), ensure the certificates listed are DoD PKI issued or DoD approved. The presence of any non approved certificates is a finding.

Fix Text (F-BB10-00-000320_fix)
On BlackBerry Device Service server, remove the corresponding .pem file from :\\Shared\Certificates\ folder.