The BlackBerry Device Service server must be configured to restrict the download of software within the Work Space to DoD-approved sources only (e.g., DoD-operated mobile device application store or BlackBerry Device Service server).

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-39023	BBDS-00-000275	SV-50828r2_rule		Medium

Description
DoD can perform due diligence on sources of software to mitigate the risk that malicious software is introduced to those sources. Therefore, if software is downloaded from a DoD approved source, then it is less likely to be malicious than if it is downloaded from an unapproved source. To prevent access to unapproved sources, the operating system in most cases can be configured to disable user access to public application stores.

Description

DoD can perform due diligence on sources of software to mitigate the risk that malicious software is introduced to those sources. Therefore, if software is downloaded from a DoD approved source, then it is less likely to be malicious than if it is downloaded from an unapproved source. To prevent access to unapproved sources, the operating system in most cases can be configured to disable user access to public application stores.

STIG	Date
BlackBerry Enterprise Service v10.1.x BlackBerry Device Service STIG	2014-10-06

Details

Check Text ( C-46470r2_chk )
Review the BlackBerry Device Service server configuration to ensure the BlackBerry Device Service server is configured to restrict the download of software within the Work Space to DoD-approved sources only (e.g., DoD-operated mobile device application store or BlackBerry Device Service server). Log into BlackBerry Administration Service, and under "BlackBerry solution management" on the left side of the screen, navigate to "Policy > Manage IT policies > > View complete IT Policy > Security" and verify "Restrict Development Mode" is set to "Yes". Otherwise, this is a finding. Note: The above is only for EMM-Corporate (BlackBerry Balance) devices. EMM-Regulated (Work Space only) devices inherently meet this requirement.

Check Text ( C-46470r2_chk )

Review the BlackBerry Device Service server configuration to ensure the BlackBerry Device Service server is configured to restrict the download of software within the Work Space to DoD-approved sources only (e.g., DoD-operated mobile device application store or BlackBerry Device Service server).

Log into BlackBerry Administration Service, and under "BlackBerry solution management" on the left side of the screen, navigate to "Policy > Manage IT policies > > View complete IT Policy > Security" and verify "Restrict Development Mode" is set to "Yes". Otherwise, this is a finding.

Note: The above is only for EMM-Corporate (BlackBerry Balance) devices. EMM-Regulated (Work Space only) devices inherently meet this requirement.

Fix Text (F-43979r2_fix)
Configure the BlackBerry Device Service server to restrict the download of software within the Work Space to DoD-approved sources only.