Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-19196 | WIR1090-01 | SV-21035r4_rule | ECSC-1 | Medium |
Description |
---|
Malware can be downloaded onto DoD PCs if required procedures are not followed. |
STIG | Date |
---|---|
BlackBerry Handheld Device Security Technical Implementation Guide | 2011-04-11 |
Check Text ( C-23126r3_chk ) |
---|
Detailed Policy Requirements: BlackBerrys will not be connected to DoD Windows computers via a USB connection unless the following conditions are met: - The DoD Windows computer utilizes the DoD Host Based Security System (HBSS) with the Device Control Module (DCM). Configuration requirements are found in CTO 10-004A. -Autorun is disabled on the Windows PC. Check Procedures: Check Procedures: Interview the IAO and smartphone administrator. Check the following on sample (use 3-4 devices as a random sample) PCs: - Verify the site has implemented HBSS with DCM on computers used to connect BlackBerrys. Have the Windows reviewer assist in determining that HBSS with DCM is installed (usually verified during a Windows Workstation review). - Verify Autorun is disabled (usually verified during a Windows Workstation review). |
Fix Text (F-23354r1_fix) |
---|
BlackBerrys that are connected to DoD Windows computers via a USB connection must be compliant with requirements. |