V-11870 | High | Onset Technologies METAmessage software must not be installed on DoD BlackBerry devices or on the BES.
| Onset Technologies METAmessage software is production software which may introduce a virus or other malicious code on the system. This software is not approved for use on DoD systems. |
V-19311 | Medium | BlackBerry Bluetooth SCR use with site PCs must be compliant with requirements. | Non-secure Bluetooth configuration on the PC could make it vulnerable to compromise via a Bluetooth attack. |
V-19312 | Medium | BlackBerry Bluetooth SCR use with site PCs must be compliant with requirements. | Non-secure Bluetooth configuration on the PC could make it vulnerable to compromise via a Bluetooth attack. |
V-26508 | Medium | Only approved Bluetooth headset and handsfree devices must be used with site managed BlackBerry devices. | Bluetooth usage could provide an attack vector for a hacker to connect to a BlackBerry device without the knowledge of the user. DoD data would then be vulnerable. |
V-19213 | Medium | BlackBerry devices must have required operating system software version installed. | Required security features are not available in earlier OS versions. In addition, there are known vulnerabilities in earlier versions. |
V-11871 | Low | BlackBerry devices must be provisioned so users can digitally sign and encrypt email notifications or any other email required by DoD policy. | S/MIME provides the capability for users to send and receive S/MIME email messages from wireless email devices. S/MIME and digital signatures provide assurance that the message is authentic and... |
V-11872 | Low | If BlackBerry email auto signatures are used, the signature message must not disclose that the email originated from a BlackBerry or mobile device (e.g., “Sent From My Wireless Handheld”). | The disclaimer message may give information which may key an attacker in on the device. This is primarily an OPSEC issue. This setting was directed by the USCYBERCOM. |
V-11875 | Low | All Internet browser icons must be disabled from the BlackBerry device except for the BlackBerry Internet Browser icon.
| The BlackBerry Browser forces all Internet browsing to go through the site internet gateway, which provides additional security over the carrier's browser. |
V-11866 | Low | BlackBerry Bluetooth SCR use with site PCs must be compliant with requirements. | Insecure Bluetooth configuration on the PC could make it vulnerable to compromise via a Bluetooth attack. |
V-11865 | Low | When the Password Keeper is enabled on the BlackBerry device, the AO must review and approve its use, and the application must be configured as required. | Password Keeper is a default BlackBerry application that can be installed on the BlackBerry handheld device. This application allows users to store passwords. The use of Password Keeper should be... |
V-19281 | Low | BlackBerry devices must be provisioned so users can digitally sign and encrypt email notifications. | S/MIME provides the capability for users to send and receive S/MIME email messages from wireless email devices. S/MIME and digital signatures provide assurance that the message is authentic and is... |
V-19313 | Low | BlackBerry Bluetooth SCR use with site PCs must be compliant with requirements. | Non-secure Bluetooth configuration on the PC could make it vulnerable to compromise via a Bluetooth attack. |
V-19227 | Low | Security configuration settings on the BlackBerry devices managed by the site must be compliant with requirements listed in Table 5, BlackBerry STIG Configuration Tables. | These checks are related to a defense-in-depth approach for the BlackBerry, including ensuring the locked BlackBerry is not identified as a DoD BlackBerry and providing visual indicators when the... |
V-19228 | Low | The setup of group BlackBerrys must be compliant with requirements listed in Appendix E of the BlackBerry STIG Overview. | If the configuration is not compliant, actions on team BlackBerrys will not be traceable to a specific user as required by DoD audit policies. |
V-22058 | Low | BlackBerry Web Desktop Manager (BWDM) or BlackBerry Desktop Manager (BDM) must be configured as required. | The BWDM provides the capability for users to self provision their BlackBerry, and to synchronize the BlackBerrys to the BES. The BWDM works by providing a web client interface to the BlackBerry... |
V-21949 | Low | Required version of the BlackBerry Smart Card Reader (SCR) hardware must be used, and required versions of the drivers must be installed both on the BlackBerry and the SCR. | Required SCR security features are not available in earlier versions, and therefore Bluetooth vulnerabilities will not have been patched. |