BlackBerry OS 10.3.x Security Technical Implementation Guide


Overview

Date: 2016-09-08
Finding Count (41): CAT I (High): 3, CAT II (Med): 24, CAT III (Low): 14

STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil.


Findings (MAC I - Mission Critical Public)

Finding ID Severity Title
V-65695 High BlackBerry OS 10.3 must protect data at rest on removable storage media. The requirement applies only to Work - Only Activation types.
V-65759 High BlackBerry OS 10.3 must protect data at rest on built-in storage media for Personal space. This requirement only applies to Work and personal - Corporate and Work and personal - Regulated activation types.
V-65683 High BlackBerry OS 10.3 must require a valid password be successfully entered before the mobile device data is unencrypted.
V-65699 Medium BlackBerry OS 10.3 must not allow the USB mass storage mode.
V-65715 Medium BlackBerry OS 10.3 must implement the management setting: disable the transfer of any file-based data via Bluetooth.
V-65691 Medium BlackBerry OS 10.3 must not allow protocols supporting wireless remote access connections.
V-65763 Medium BlackBerry OS 10.3 must prevent untrusted connections to the mail server.
V-65761 Medium BlackBerry OS 10.3 must prevent opening links in work email messages in the personal browser. This requirement only applies to Work and personal - Corporate and Work and personal - Regulated activation types.
V-65749 Medium BlackBerry OS 10.3 must force the use of BBM Protected mode.
V-65705 Medium BlackBerry OS 10.3 must be configured to disable all Bluetooth profiles except for HSP (Headset Profile), HFP (HandsFree Profile), and SPP (Serial Port Profile).
V-65707 Medium BlackBerry OS 10.3 must be configured to prevent non-approved updates of system software.
V-65725 Medium BlackBerry OS 10.3 must implement the management setting: disable lock screen preview of work content.
V-65723 Medium BlackBerry OS 10.3 must implement the management setting: disable BlackBerry Bridge.
V-65721 Medium BlackBerry OS 10.3 must implement the management setting: disallow Personal Space applications access to the Work Space network connection. This requirement does not apply to the Work space only activation type.
V-65711 Medium BlackBerry OS 10.3 must implement the management setting: must bind removable storage media cards to the mobile device via centrally managed policy. This requirement is applicable to Work space only activation type.
V-65703 Medium BlackBerry OS 10.3 work space whitelist must not include applications with the following characteristics: (See Vulnerability Discussion for list).
V-65717 Medium BlackBerry OS 10.3 must implement the management setting: disable the transfer of any file-based data via Near Field Communication (NFC) via centrally managed policy.
V-65693 Medium BlackBerry OS 10.3 must not allow use of developer modes.
V-65687 Medium BlackBerry OS 10.3 must lock the Work Space after 15 minutes (or less) of inactivity.
V-65773 Medium BlackBerry OS 10.3 must prevent third-party apps from using BlackBerry Blend.
V-65709 Medium BlackBerry OS 10.3 must implement the management setting: limit Work Space contact data available in Personal space.
V-65765 Medium BlackBerry OS 10.3 must prevent the use of BlackBerry Protect.
V-65719 Medium BlackBerry OS 10.3 must implement the management setting: enforce the minimum password length for the Personal Space password to 4 digits. This requirement does not apply to the Work space only activation type.
V-65713 Medium BlackBerry OS 10.3 must implement the management setting: disable Bluetooth Discoverable Mode via centrally managed policy. This requirement only applies to Work space only and Work and personal - Regulated activation types.
V-65753 Medium BlackBerry OS 10.3 must implement the management setting: disable Voice Dictation in Work Applications.
V-65757 Medium BlackBerry OS 10.3 must implement the management setting: Check certificate expiry for MDM connection.
V-65755 Medium BlackBerry OS 10.3 must implement the management setting: display External Email Address Warning Message.
V-71491 Low The BlackBerry OS 10.3 smartphone must close the Hotspot Browser connection if the user does not log into the Hotspot Browser after 15 minutes (or less).
V-65689 Low BlackBerry OS 10.3 must not allow more than 10 consecutive failed authentication attempts.
V-71493 Low The BlackBerry OS 10.3 smartphone must implement the management setting: Allow use of preloaded trusted root certificates.
V-65697 Low BlackBerry OS 10.3 must display the DoD advisory warning message each time the device restarts. This requirement does not apply to Work and personal - Corporate.
V-65727 Low The BlackBerry MDM Agent must be configured to operate in a NIAP Common Criteria mode of operation, to enable generation of audit records of required events: (See Vulnerability Discussion for list). This requirement only applies to Work space only and Work and personal - Regulated activation types.
V-65741 Low The BlackBerry MDM Agent must be configured to generate an audit record of required Informational level events, which may include: (See Vulnerability Discussion for list). This requirement only applies to Work space only and Work and personal - Regulated activation types.
V-65743 Low The BlackBerry MDM Agent must be configured to generate an audit record of failed required events, which may include: (See Vulnerability Discussion for list). This requirement only applies to Work space only and Work and personal - Regulated activation types.
V-65745 Low The BlackBerry MDM Agent must be configured to generate an audit record of required error level events, which may include: (See Vulnerability Discussion for list). This requirement only applies to Work space only and Work and personal - Regulated activation types.
V-65685 Low BlackBerry OS 10.3 must enforce a minimum password length of 6 characters.
V-65733 Low The BlackBerry MDM Agent must be configured to generate an audit record of successful required events, including: (See Vulnerability Discussion for list). This requirement only applies to Work space only and Work and personal - Regulated activation types.
V-65731 Low The BlackBerry MDM Agent must be configured to generate an audit record of required events: (See Vulnerability Discussion for list). This requirement only applies to Work space only and Work and personal - Regulated activation types.
V-65701 Low BlackBerry OS 10.3 must disable automatic transfer of diagnostic data to an external device other than an MDM service with which the device has enrolled.
V-65751 Low The BlackBerry MDM Agent must be configured to synchronize generated audit records of required events every 6 hours or less. This requirement only applies to Work space only and Work and personal - Regulated activation types.
V-65747 Low The BlackBerry MDM Agent must be configured to generate an audit record of required warning level events, which may include: (See Vulnerability Discussion for list). This requirement only applies to Work space only and Work and personal - Regulated activation types.