BlackBerry devices must be provisioned so that users can digitally sign and encrypt e-mail notifications or any other email required by DoD policy.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-11871 | WIR1055-01 | SV-12371r10_rule | ECSC-1 | Low |
| Description |
|---|
| S/MIME provides the capability for users to send and receive S/MIME email messages from wireless email devices. S/MIME and digital signatures provide assurance that the message is authentic and is required by DoD policy. |
| STIG | Date |
|---|---|
| BlackBerry Handheld Device Security Technical Implementation Guide | 2011-09-30 |
Details
| Check Text ( C-14987r4_chk ) |
|---|
| Perform the following steps on a sample of site blackberry devices (use 3-4 devices as a random sample) as appropriate, to verify users have the capability to sign and encrypt email. Verify that S/MIME is configured such that users may sign messages. Check a sample of BlackBerry devices: - Verify S/MIME application and Smart Card Reader drivers are installed on the device: o On the BlackBerry go to Settings>Options>Advanced Options>Applications. o Look for the following applications: ---S/MIME Support Package ---PIV Drivers (optional) ---BlackBerry Smart Card Reader ---DoD Root Certificates -Verify Certificates are configured on the BlackBerry: ---Settings>Options>Security Options>Certificate Servers – GDS and OCSP servers should be listed. ---Settings>Options>Security Options>Certificate - DoD Root certificates should be listed. ---Settings>Options>Security Options>S/MIME – User’s public keys should be loaded. |
| Fix Text (F-23347r1_fix) |
|---|
| BlackBerry devices must be provisioned so that users can digitally sign and encrypt emergency and/or critical e-mail notifications. |