Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-21949 | WIR1040-06 | SV-25132r4_rule | Low |
Description |
---|
Required SCR security features are not available in earlier versions, and therefore Bluetooth vulnerabilities will not have been patched. |
STIG | Date |
---|---|
BlackBerry OS 7.x Security Technical Implementation Guide | 2015-07-02 |
Check Text ( C-26799r6_chk ) |
---|
Detailed Policy Requirements: Site BlackBerry devices and SCRs must have required software versions installed. The BlackBerry SCR hardware must be version 1 (model PRD-09695-004) or version 2 (model PRD-16951-001). BlackBerry SCR software package version 4.2.0.107 or later is required (Application version 4.2.0.107, Software platform 1.5.0.81). Apriva Bluetooth SCR (BT200) driver v03-30-02 or later is required. Biometric Associates BaiMobile 3000MP SCR driver 0.1.3(19.07.13) or later. Check Procedures: If using the BlackBerry SCR: Verify required SCR model is used. The model number can be found under the battery. Verify required BlackBerry SCR software is being used. On a sample of BlackBerry SCRs (use 2-3 devices for random sample), press and hold the Action button until "rEsetInG" appears, and then read the Application version and Software platform version as they are displayed. If using the Apriva SCR: On the BlackBerry, press lower case v (as in Victor) to verify the version number of the Apriva Utility installed on the BlackBerry. On the BlackBerry, press lower case r (as in Romeo) to verify the version number of the Apriva driver installed on the Apriva SCR. If using the Biometric Associates SCR: On the BlackBerry, go to Settings >> Device >> Application Management >> baiSmartCardReader and verify the version number of the installed driver. If the required driver is not installed, this is a finding. |
Fix Text (F-11479r1_fix) |
---|
Comply with DoD policy. |