BlackBerry 10 OS must only permit download of software from a DoD approved source (e.g., DoD operated mobile device application store or MDM server).

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-38303	BB10-00-000230	SV-50103r2_rule		Medium

Description
DoD can perform due diligence on sources of software to mitigate the risk that malicious software is introduced to those sources. Therefore, if software is downloaded from a DoD approved source, then it is less likely to be malicious than if it is downloaded from an unapproved source. To prevent access to unapproved sources, the operating system, in most cases, can be configured to disable user access to public application stores. However, in some cases, DoD may approve downloads directly from the OS vendor.

Description

DoD can perform due diligence on sources of software to mitigate the risk that malicious software is introduced to those sources. Therefore, if software is downloaded from a DoD approved source, then it is less likely to be malicious than if it is downloaded from an unapproved source. To prevent access to unapproved sources, the operating system, in most cases, can be configured to disable user access to public application stores. However, in some cases, DoD may approve downloads directly from the OS vendor.

STIG	Date
BlackBerry 10 OS Security Technical Implementation Guide	2014-08-27

Details

Check Text ( C-45850r2_chk )
Open "BlackBerry World - Work" and select "Public Apps". If there are any apps listed under "Public Apps", this is a finding.

Fix Text (F-43241r2_fix)
On BlackBerry Device Service: 1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand "Software -> Applications". 2. Click "Manage applications". 3. Delete all applications under "BlackBerry World Applications".