Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
BlackBerry 10 OS VPN client must employ DoD approved PKI mechanisms for authentication when connecting to DoD networks.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-38305 | BB10-00-000250 | SV-50105r2_rule | Medium |
| Description |
|---|
| VPNs are vulnerable to attack if they are not supported by strong authentication. An adversary may be able to gain access to network resources and sensitive information if they can compromise the authentication process. Common Access Card (CAC) authentication is a strong cryptographic two-factor authentication that greatly mitigates the risk of VPN authentication breaches. Other DoD approved PKI mechanisms provide similar levels of assurance. |
| STIG | Date |
|---|---|
| BlackBerry 10 OS Security Technical Implementation Guide | 2014-08-27 |
Details
| Check Text ( C-45852r3_chk ) |
|---|
| From either the Work Space or Personal Space, navigate to "Settings -> Network Connections -> VPN ". Select and hold a VPN profile to check, and select "Edit Profile" to edit the VPN Profile. For each VPN Profile connecting to DoD networks: - Select the VPN Profile to edit. - Ensure "Authentication Type" is set to "PKI" or "XAUTH-PKI" and grayed out. Otherwise, this is a finding. NOTE: If the VPN Profile listed under "Settings -> Network Connections -> VPN" has a brief case logo on the right side, it is created on BlackBerry Device Service published to the device. "Authentication Type" for this VPN Profile will be grayed out and enforced. If no VPN profiles are saved, this requirement is NA. |
| Fix Text (F-43243r2_fix) |
|---|
| On BlackBerry Device Service, select the applicable VPN Profile and set "Authentication Type" to "PKI" or "XAUTH-PKI". |