Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-11870 | WIR1050-01 | SV-12370r6_rule | ECWN-1 | High |
Description |
---|
Onset Technologies METAmessage software is production software which may introduce virus or other malicious code to the system. This software is not approved for use on DoD systems. |
STIG | Date |
---|---|
BlackBerry Enterprise Server, Part 1 Security Technical Implementation Guide | 2011-04-11 |
Check Text ( C-11491r5_chk ) |
---|
Perform the following procedures either on the BES or site Blackberry devices, as appropriate. Perform the following procedures on the BES and a sample of BlackBerry devices (use 3-4 devices for a random ssample) as appropriate. Check a sample of BlackBerry devices (Settings>Options>Advanced Options>Applications) to ensure the METAmessage application is not loaded on the BlackBerry device. On the BES, have the BlackBerry Administrator show that the BES Application White List does not contain the application. This review should be performed at the same time checks WIR1310-01, WIR1310-02, and WIR1310-03 are reviewed so that work is not duplicated. On BES 5.0 View the list of applications assigned to 3-4 sample Application White List software configurations assigned to users. Verify METAmessage is not listed. On BES 4.1.x o In the BlackBerry Manager, select BlackBerry Domain in the left pane. o Select the Software Configurations tab. o Select a sample of listed software configurations to check. For each, do the following; --- Select a configuration to review. --- Click on Edit Configuration. --- Expand the list under Application Software and check to ensure METAmessage is not listed. The METAmessage application allows the user to open and create Microsoft Office files such as MS Word or Excel attachments or documents. These documents can then be sent via email, saved, or printed. This application presents a security risk and is not allowed for use in DoD. Verify this software application is not used by interviewing the IAO or reviewing a sampling of the devices. |
Fix Text (F-23346r1_fix) |
---|
Remove Onset Technologies METAmessage software installed on DoD BlackBerry devices or on the BES. |