BlackBerry 10 OS must re-encrypt all device data when the device is locked.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| BB10-00-000400 | BB10-00-000400 | BB10-00-000400_rule | Medium |
| Description |
|---|
| If data is not encrypted upon the lock of the device, there is the potential for an adversary to remove non-volatile memory from the device and read it directly using tools for that purpose. This attack would render other operating system controls useless. Encrypting data provides assurance that it will be protected even when memory is physically removed from the device. |
| STIG | Date |
|---|---|
| BlackBerry 10 OS STIG | 2013-05-03 |
Details
| Check Text ( C-BB10-00-000400_chk ) |
|---|
| Navigate to "Settings -> Security and Privacy -> Encryption" and ensure both "Device Encryption" and "Media Card Encryption" are set to "On" and grayed out. Otherwise, this is a finding. |
| Fix Text (F-BB10-00-000400_fix) |
|---|
| On BlackBerry Device Service, set "Media Card Encryption" and "Personal Space Data Encryption" IT Policy rules to "Yes". |