BlackBerry PlayBook Security Technical Implementation Guide

Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

BlackBerry PlayBook Security Technical Implementation Guide

Overview

Version	Date	Finding Count (9)			Downloads
1	2012-02-08	CAT I (High): 0	CAT II (Med): 1	CAT III (Low): 8	Excel	JSON	XML

STIG Description
Contains the technical security requirements for the BlackBerry Playbook Tablet OS version 1.x when used in the DoD environment.

Available Profiles

Classified	Public	Sensitive
I - Mission Critical Classified	I - Mission Critical Public	I - Mission Critical Sensitive	II - Mission Support Classified	II - Mission Support Public	II - Mission Support Sensitive	III - Administrative Classified	III - Administrative Public	III - Administrative Sensitive

Findings (MAC III - Administrative Public)

Finding ID	Severity	Title	Description
V-30766	Medium	The installed version of the BlackBerry Playbook tablet operation system must be the latest version of OS 1.x.	Required security features are not available in earlier OS versions. In addition, BlackBerry Playbook tablet OS 2.x may not be used until a STIG update has been released covering that version. New...
V-25007	Low	Smartphones must be configured to require a password/passcode for device unlock.	Sensitive DoD data could be compromised if a device unlock password/passcode is not set up on DoD smartphones.
V-25016	Low	The device minimum password/passcode length must be set.	Sensitive DoD data could be compromised if a device unlock password/passcode is not set to required length on DoD smartphones.
V-24986	Low	All non-core applications on mobile devices must be approved by the DAA or Command IT Configuration Control Board.	Non-approved applications can contain malware. Approved applications should be reviewed and tested by the approving authority to ensure they do not contain malware, spyware, or have unexpected...
V-25010	Low	The smartphone inactivity timeout must be set.	Sensitive DoD data could be compromised if the smartphone does not automatically lock after the required period of inactivity.
V-30418	Low	Download of user owned data (music files, picture files, etc.) on mobile devices must be based on the Command’s Mobile Device Personal Use Policy.	The risk of installing user owned data (music files, picture files, etc.) on a non-DoD-network connected mobile device that does not contain sensitive or classified DoD data/information should be...
V-30419	Low	Connecting mobile devices to user social media web accounts (Facebook, Twitter, etc.) must be based on the Command’s Mobile Device Personal Use Policy.	The risk of connecting to user social media web accounts on a non-DoD-network connected mobile device that does not contain sensitive or classified DoD data/information should be evaluated by the...
V-30412	Low	The installation of user owned applications on the mobile device must be based on the Command’s Mobile Device Personal Use Policy.	The risk of installing personally owned or freeware apps on a DoD mobile device should be evaluated by the DAA against mission need and how the device is intended to be used. There is a risk that...
V-30417	Low	The use of the mobile device to view and/or download personal email must be based on the Command’s Mobile Device Personal Use Policy.	The risk of viewing and downloading personal email on a non-DoD-network connected mobile device that does not contain sensitive or classified DoD data/information should be evaluated by the DAA...