BlackBerry 10 OS must disallow the Work Space unlock password from containing fewer than a specified minimum number of lower case alphabetic characters.
Password complexity or strength refers to how difficult it is to determine a password using a dictionary or brute force attack. Setting minimum numbers of certain types of characters increases password complexity, and therefore makes it more difficult for an adversary to discover the password. In the DoD, the expectation is that the setting will range from a minimum of 1 to 2 lower case characters in the device unlock password. The parameter should be selected based on a risk assessment that weighs factors, such as the environments the device will be located and operational requirements for users to access data in a timely manner.
From either the Work Space or Personal Space, navigate to "Settings -> BlackBerry Balance" and select "Change Password". Authenticate using the current password. Select "Password Rules" and under "Your password must contain all of the following:", "a lowercase letter" is listed. Otherwise, this is a finding.
Fix Text (F-43235r3_fix)
On BlackBerry Device Service, set "Minimum Password Complexity" IT Policy rules to "At least one uppercase letter, one lowercase letter, one number, and one special character".