V-48547 | High | The BlackBerry Device Service server must disable the transfer of any file-based data via Bluetooth (Bluetooth MAP without prompt) via centrally managed policy. | Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-48543 | High | The BlackBerry Device Service server must disable the transfer of any file-based data via Bluetooth via centrally managed policy. | Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-48583 | High | The BlackBerry Device Service server must use organization defined replay-resistant authentication mechanisms for network access to privileged accounts. | An authentication process resists replay attacks if it is impractical to achieve a successful authentication by recording and replaying a previous authentication message. Replay attacks, if... |
V-48581 | High | The BlackBerry Device Service server must require administrators to be authenticated with an individual authenticator prior to using a group authenticator. | To assure individual accountability and prevent unauthorized access, MDM administrators and users (and any processes acting on behalf of users) must be individually identified and authenticated. ... |
V-48607 | High | The BlackBerry Device Service server must disable any mobile OS service that connects to a cloud storage server via centrally managed policy. | Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-48609 | High | The BlackBerry Device Service server must direct all Work Space application traffic through the BlackBerry Device Service server via centrally managed policy. | Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-48589 | High | The BlackBerry Device Service server must use mechanisms for authentication to a cryptographic module meeting the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication. | MDM applications utilizing encryption are required to use approved encryption modules that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations,... |
V-48555 | High | The BlackBerry Device Service server must disable the transfer of any file-based data via Near Field Communication (NFC) via centrally managed policy. | Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-48545 | High | The BlackBerry Device Service server must disable the transfer of any file-based data via Bluetooth (Bluetooth MAP) via centrally managed policy. | Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-48503 | High | The BlackBerry Device Service server must implement separation of administrator duties by requiring a specific role be assigned to each administrator account. | Separation of duties supports the management of individual accountability and reduces the power of one individual or administrative account. Employing a separation of duties model reduces the... |
V-48549 | High | The BlackBerry Device Service server must disable the transfer of any file-based data via Bluetooth (Transfer Work Contacts Using Bluetooth PBAP or HFP) via centrally managed policy. | Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-48591 | High | The BlackBerry Device Service server must employ strong identification and authentication techniques in the establishment of non-local maintenance and diagnostic sessions. | Lack of authentication enables anyone to gain access to the MDM. Network access control mechanisms interoperate to prevent unauthorized access and to enforce the organization's security policy.... |
V-48617 | High | The BlackBerry Device Service server must disable any mobile OS service that connects to a cloud-based service via centrally managed policy. | Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-48519 | Medium | The BlackBerry Device Service server must disable the Audio/Video Remote Control Profile (AVRCP) Bluetooth profile via centrally managed policy. | Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-48557 | Medium | The BlackBerry Device Service server must enable Bluetooth 128 bit encryption via centrally managed policy. | Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-48553 | Medium | The BlackBerry Device Service server must enable Bluetooth pairing using a randomly generated passkey size of at least 8 digits via centrally managed policy. | Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-48577 | Medium | The BlackBerry Device Service server must be configured to prevent users from performing self-service tasks. | The overall security posture of the BlackBerry system is dependent on strict configuration management controls, including ensuring only authorized BlackBerry devices are being used and authorized... |
V-48513 | Medium | The BlackBerry Device Service server must enforce the email client S/MIME encryption algorithm to be 3DES or AES256 via centrally managed policy. | Cryptography is only as strong as the encryption modules/algorithms that are employed to encrypt the data. Strong encryption must be used to protect the integrity and confidentiality of the data.... |
V-48509 | Medium | The BlackBerry Device Service server must bind removable storage media cards to the mobile device via centrally managed policy. | Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-48517 | Medium | The BlackBerry Device Service server must disable the Advanced Audio Distribution Profile (A2DP) Bluetooth profile via centrally managed policy. | Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-48603 | Medium | The BlackBerry Device Service server must disable the mobile device users access to BlackBerry World for Work Space and only allow access to apps published from BlackBerry Device Service. | Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-48587 | Medium | The key store password for the certificate that the BlackBerry Administration Service (BAS) and BlackBerry Web Desktop Manager (BWDM) use must be changed from the default. | The key store password protects the server digital authentication certificates from unauthorized use. |
V-48605 | Medium | The BlackBerry Device Service server must force the display of a warning banner on the lock screen of the mobile device via centrally managed policy. | Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-48585 | Medium | The BlackBerry Device Service server must support administrator authentication to the server via the Enterprise Authentication Mechanisms authentication. | In the DoD, Administrator credential requirements for authentication are defined by CTO 07-115Rev1, which is can be enforced by the Enterprise Authentication Mechanism. Non-complaint credential... |
V-48525 | Medium | The BlackBerry Device Service server must disable the Hands-Free Profile (HFP) Bluetooth profile via centrally managed policy. | Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-48527 | Medium | The BlackBerry Device Service server must disable the Message Access Profile (MAP) Bluetooth profile via centrally managed policy. | Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-48523 | Medium | The BlackBerry Device Service server must disable the Phone Book Access Profile (PBAP) Bluetooth profile via centrally managed policy. | Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-48561 | Medium | BlackBerry Web Desktop Manager must be configured to permit users to activate new BlackBerry devices only. | The overall security posture of the BlackBerry system is dependent on strict configuration management controls, including ensuring only authorized BlackBerry devices are being used and authorized... |
V-48575 | Medium | The BlackBerry Device Service server must configure the Work Space to prohibit the download of software from a DoD non-approved source (e.g., a non-DoD operated mobile device application store or BlackBerry Device Service server). | DoD can perform due diligence on sources of software to mitigate the risk that malicious software is introduced to those sources. Therefore, if software is downloaded from a DoD-approved source,... |
V-48565 | Medium | The BlackBerry Device Service server must set the number of incorrect password attempts before a data wipe procedure is initiated to 10 via centrally managed policy. | Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-48567 | Medium | The BlackBerry Device Service server must enable a Work Space password via centrally managed policy. | Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-48559 | Medium | The BlackBerry Device Service server must be configured to accept only trusted connections to back-office enclave application or web push servers. Push servers are set up to push content to BlackBerry users. | Only authorized servers should be able to push content to BlackBerry devices. |
V-48571 | Medium | The BlackBerry Device Service server must enable a minimum Work Space password length of six or more characters via centrally managed policy. | Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-48613 | Medium | The BlackBerry Device Service server must have the administrative functionality disallow hyperlinks within Work Space applications from opening within the Personal Space browser application via centrally managed policy. | Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-48611 | Medium | The BlackBerry Device Service server must disallow Personal Space applications access to the Work Space network connection via centrally managed policy. | Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-48529 | Medium | The BlackBerry Device Service server must disable the Personal Area Networking Profile (PAN) Bluetooth profile via centrally managed policy. | Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-48537 | Medium | The BlackBerry Device Service server must disable Bluetooth Discoverable Mode via centrally managed policy. | Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-48573 | Medium | The BlackBerry Device Service server must set the Work Space inactivity timeout to 15 minutes via centrally managed policy. | Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-48601 | Low | The BlackBerry Device Service server must enforce the minimum password length for the Personal Space password to 4 digits via centrally managed policy. | Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |
V-48579 | Low | BlackBerry Web Desktop Manager must be configured to disable a users capability to perform a user-initiated backup or restore. | The overall security posture of the BlackBerry system is dependent on strict configuration management controls, including ensuring only authorized BlackBerry devices are being used and authorized... |
V-48593 | Low | The server PKI digital certificate installed on the BlackBerry Device Service (BDS) Server to support BlackBerry Administration Service and BlackBerry Web Desktop Manager (BWDM) authentication must be a DoD PKI issued certificate. | When a self signed PKI certificate is used, a rogue BDS server can impersonate the DoD BDS server during SA connections to the BAS or when a BlackBerry user uses BWDM to connect to the BAS. In... |
V-48599 | Low | The BlackBerry Device Service server must allow only Work Space contacts to be read from a native Personal Space application via centrally managed policy. | Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not... |