UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

BlackBerry devices must be provisioned so users can digitally sign and encrypt email notifications or any other email required by DoD policy.


Overview

Finding ID Version Rule ID IA Controls Severity
V-11871 WIR1055-01 SV-12371r3_rule ECSC-1 Low
Description
S/MIME provides the capability for users to send and receive S/MIME email messages from wireless email devices. S/MIME and digital signatures provide assurance that the message is authentic and is required by DoD policy. Reference the DoD CIO memorandum regarding interim guidance on the use of derived PKI credentials (2015-05-06 DoD Interim Guidance for Implementing Derived PKI Credentials on Unclass CMDs) for BlackBerry certificate configuration information.
STIG Date
BlackBerry OS 7.x Security Technical Implementation Guide 2015-07-02

Details

Check Text ( C-14987r2_chk )
Perform the following steps on a sample of site BlackBerry devices (use 2-3 devices as a random sample), as appropriate, to verify users have the capability to sign and encrypt email.

Verify S/MIME is configured such that users may sign messages.

Check a sample of BlackBerry devices:

- Verify S/MIME application and Smart Card Reader drivers are installed on the device:
o On the BlackBerry go to Settings>Options>Advanced Options>Applications.
o Look for the following applications:
---S/MIME Support Package
---PIV Drivers (optional)
---BlackBerry Smart Card Reader
---DoD Root Certificates

-Verify Certificates are configured on the BlackBerry:
---Settings>Options>Security Options>Certificate Servers – GDS and OCSP servers should be
listed.
---Settings>Options>Security Options>Certificate - DoD Root certificates should be listed.
---Settings>Options>Security Options>S/MIME – User’s public keys should be loaded.
Fix Text (F-23347r2_fix)
BlackBerry devices must be provisioned so users can digitally sign and encrypt emergency and/or critical email notifications.