BlackBerrys with removable memory cards (e.g., MicroSD) must be compliant with requirements.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-19197 | WIR1090-02 | SV-21036r4_rule | ECSC-1 | Medium |
| Description |
|---|
| Malware could be downloaded from the memory card to the PC if not compliant. |
| STIG | Date |
|---|---|
| BlackBerry Handheld Device Security Technical Implementation Guide | 2011-07-14 |
Details
| Check Text ( C-23127r4_chk ) |
|---|
| Detailed Policy Requirements BlackBerrys with removable memory cards (e.g., MicroSD) must be compliant with the following requirements: -Use approved by the DAA or alternate approving official. -All data stored on the removable data storage media card is encrypted with FIPS 140-2 compliant encryption. -The removable data storage media card is bound to the BlackBerry such that it may not be read by any other PED or computer. Note: if external flash memory storage cards are used with BlackBerry devices, the "Disable External Memory" IT Policy rule has to be set to FALSE. Check Procedures -Verify removable flash media use on site BlackBerrys has been approved by the DAA or alternate approving official. Review approval documentation. Note: The IT Policy rule "External File System Encryption Level" setting is checked during the review of the BES (check WIR1450-02). |
| Fix Text (F-23355r1_fix) |
|---|
| BlackBerrys with removable memory cards (e.g., MicroSD) must be compliant with requirements. |