Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-11871 | WIR1055-01 | SV-12371r3_rule | ECSC-1 | Low |
Description |
---|
S/MIME provides the capability for users to send and receive S/MIME email messages from wireless email devices. S/MIME and digital signatures provide assurance that the message is authentic and is required by DoD policy. Reference the DoD CIO memorandum regarding interim guidance on the use of derived PKI credentials (2015-05-06 DoD Interim Guidance for Implementing Derived PKI Credentials on Unclass CMDs) for BlackBerry certificate configuration information. |
STIG | Date |
---|---|
BlackBerry OS 7.x Security Technical Implementation Guide | 2015-07-02 |
Check Text ( C-14987r2_chk ) |
---|
Perform the following steps on a sample of site BlackBerry devices (use 2-3 devices as a random sample), as appropriate, to verify users have the capability to sign and encrypt email. Verify S/MIME is configured such that users may sign messages. Check a sample of BlackBerry devices: - Verify S/MIME application and Smart Card Reader drivers are installed on the device: o On the BlackBerry go to Settings>Options>Advanced Options>Applications. o Look for the following applications: ---S/MIME Support Package ---PIV Drivers (optional) ---BlackBerry Smart Card Reader ---DoD Root Certificates -Verify Certificates are configured on the BlackBerry: ---Settings>Options>Security Options>Certificate Servers – GDS and OCSP servers should be listed. ---Settings>Options>Security Options>Certificate - DoD Root certificates should be listed. ---Settings>Options>Security Options>S/MIME – User’s public keys should be loaded. |
Fix Text (F-23347r2_fix) |
---|
BlackBerry devices must be provisioned so users can digitally sign and encrypt emergency and/or critical email notifications. |