UCF STIG Viewer Logo

Onset Technologies METAmessage software must not be installed on DoD BlackBerry devices or on the BES.


Overview

Finding ID Version Rule ID IA Controls Severity
V-11870 WIR1050-01 SV-12370r3_rule ECWN-1 High
Description
Onset Technologies METAmessage software is production software which may introduce a virus or other malicious code on the system. This software is not approved for use on DoD systems.
STIG Date
BlackBerry Enterprise Server (version 5.x), Part 1 Security Technical Implementation Guide 2015-07-02

Details

Check Text ( C-11491r4_chk )
Perform the following procedures on the BES and a sample of BlackBerry devices (use 2-3 devices for a random sample) as appropriate.

Check a sample of BlackBerry devices (Settings >> Options >> Advanced Options >> Applications) to ensure the METAmessage application is not loaded on the BlackBerry device.

On the BES, have the BlackBerry Administrator show that the BES Application White List does not contain the application. This review should be performed at the same time checks WIR1310-01, WIR1310-02, and WIR1310-03 are reviewed so work is not duplicated.

View the list of applications assigned to 3-4 samples Application White List software configurations assigned to users. Verify METAmessage is not listed.

The METAmessage application allows the user to open and create Microsoft Office files, such as MS Word or Excel attachments or documents. These documents can then be sent via email, saved, or printed. This application presents a security risk and is not allowed for use in DoD. Verify this software application is not used by interviewing the ISSO or reviewing a sampling of the devices.
Fix Text (F-23346r1_fix)
Remove Onset Technologies METAmessage software installed on DoD BlackBerry devices or on the BES.