V-11870 | High | Onset Technologies METAmessage software must not be installed on DoD BlackBerry devices or on the BES. | Onset Technologies METAmessage software is production software which may introduce a virus or other malicious code on the system. This software is not approved for use on DoD systems. |
V-19311 | Medium | BlackBerry Bluetooth SCR use with site PCs must be compliant with requirements. | Non-secure Bluetooth configuration on the PC could make it vulnerable to compromise via a Bluetooth attack. |
V-19312 | Medium | BlackBerry Bluetooth SCR use with site PCs must be compliant with requirements. | Non-secure Bluetooth configuration on the PC could make it vulnerable to compromise via a Bluetooth attack. |
V-16340 | Medium | BlackBerry devices managed by the site must be scanned with the DoD Autoberry tool or the commercially available Fixmo Sentinel tool as required. | The purpose of this scan is to determine if there has been an unexplained change in the BlackBerry file system that may indicate the device has been compromised. |
V-19216 | Medium | Mitigation actions identified by Autoberry or Fixmo Sentinel scans on site managed BlackBerrys must be implemented. (The results and mitigation actions reported by the tool should be available from the site IAO or BlackBerry administrator.) | If mitigation actions identified by the Autoberry or Fixmo Sentinel tools are not implemented, DoD data and the enclave could be at risk of being compromised. |
V-26508 | Medium | Only approved Bluetooth headset and handsfree devices must be used with site managed BlackBerry devices. | Bluetooth usage could provide an attack vector for a hacker to connect to a BlackBerry device without the knowledge of the user. DoD data would then be vulnerable. |
V-19213 | Medium | BlackBerry devices must have required operating system software version installed. | Required security features are not available in earlier OS versions. In addition, there are known vulnerabilities in earlier versions. |
V-11871 | Low | BlackBerry devices must be provisioned so users can digitally sign and encrypt email notifications or any other email required by DoD policy. | S/MIME provides the capability for users to send and receive S/MIME email messages from wireless email devices. S/MIME and digital signatures provide assurance that the message is authentic and... |
V-11872 | Low | If BlackBerry email auto signatures are used, the signature message must not disclose that the email originated from a BlackBerry or mobile device (e.g., “Sent From My Wireless Handheld”). | The disclaimer message may give information which may key an attacker in on the device. This is primarily an OPSEC issue. This setting was directed by the JTF GNO. |
V-11875 | Low | All Internet browser icons must be disabled from the BlackBerry device except for the BlackBerry Internet Browser icon. | The BlackBerry Browser forces all Internet browsing to go through the site internet gateway, which provides additional security over the carrier's browser. |
V-11866 | Low | BlackBerry Bluetooth SCR use with site PCs must be compliant with requirements. | Insecure Bluetooth configuration on the PC could make it vulnerable to compromise via a Bluetooth attack. |
V-11865 | Low | When the Password Keeper is enabled on the BlackBerry device, the DAA must review and approve its use, and the application must be configured as required. | Password Keeper is a default BlackBerry application provided by RIM that can be installed on the BlackBerry handheld device. This application allows users to store passwords. The use of Password... |
V-19281 | Low | BlackBerry devices must be provisioned so users can digitally sign and encrypt email notifications. | S/MIME provides the capability for users to send and receive S/MIME email messages from wireless email devices. S/MIME and digital signatures provide assurance that the message is authentic and is... |
V-19313 | Low | BlackBerry Bluetooth SCR use with site PCs must be compliant with requirements. | Non-secure Bluetooth configuration on the PC could make it vulnerable to compromise via a Bluetooth attack. |
V-19227 | Low | Security configuration settings on the BlackBerry devices managed by the site must be compliant with requirements listed in Table 5, BlackBerry STIG Configuration Tables. | These checks are related to a defense-in-depth approach for the BlackBerry, including ensuring the locked BlackBerry is not identified as a DoD BlackBerry and providing visual indicators when the... |
V-19228 | Low | The setup of group BlackBerrys must be compliant with requirements listed in Appendix E of the BlackBerry STIG Overview. | If the configuration is not compliant, actions on team BlackBerrys will not be traceable to a specific user as required by DoD audit policies. |
V-22058 | Low | BlackBerry Web Desktop Manager (BWDM) or BlackBerry Desktop Manager (BDM) must be configured as required. | The BWDM provides the capability for users to self-provision their BlackBerry, and to synchronize the BlackBerrys to the BES. The BWDM works by providing a web client interface to the BlackBerry... |
V-19217 | Low | The results and mitigation actions from Autoberry and Fixmo Sentinel tool scans must be maintained by the site for at least 6 months (1 year recommended). | Scan results must be maintained so auditors can verify mitigation actions have been completed, so a scan can be compared to a previous scan, and to determine if there are any security... |
V-21949 | Low | Required version of the BlackBerry Smart Card Reader (SCR) hardware must be used and required versions of the drivers must be installed both on the BlackBerry and the SCR. | Required SCR security features are not available in earlier versions and, therefore, Bluetooth vulnerabilities will not have been patched. |