Non-core applications used on the BlackBerry must be approved.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-19202	WIR1310-04	SV-21091r4_rule	ECSC-1	Low

Description
Unapproved applications could include malware or introduce other vulnerabilities to the Blackberry system and enclave.

STIG	Date
BlackBerry Enterprise Server, Part 2 Security Technical Implementation Guide	2011-09-30

Details

Check Text ( C-23139r3_chk )
Detailed Policy Requirements: All applications listed in each Application White list must be approved by either the DAA or by the IT configuration control board that reviews and approves workstation applications. Recommend sites use the same or similar process used to approve desktop applications to select, review, test, and approve BlackBerry applications. Check Procedures: For each Application White list assigned to BES user accounts, verify the site has documentation showing the applications are approved by the DAA (or who the DAA has designated as the approval authority for the site).

Check Text ( C-23139r3_chk )

Detailed Policy Requirements:

All applications listed in each Application White list must be approved by either the DAA or by the IT configuration control board that reviews and approves workstation applications. Recommend sites use the same or similar process used to approve desktop applications to select, review, test, and approve BlackBerry applications.

Check Procedures:

For each Application White list assigned to BES user accounts, verify the site has documentation showing the applications are approved by the DAA (or who the DAA has designated as the approval authority for the site).

Fix Text (F-11479r2_fix)
Comply with DoD policy.