BlackBerry PlayBook OS must disallow the device unlock password from containing fewer than a specified minimum number of lower case alphabetic characters.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| PB21-00-000150 | PB21-00-000150 | PB21-00-000150_rule | Medium |
| Description |
|---|
| Password complexity or strength refers to how difficult it is to determine a password using a dictionary or brute force attack. Setting minimum numbers of certain types of characters increases password complexity, and therefore makes it more difficult for an adversary to discover the password. In the DoD, the expectation is that the setting will range from a minimum of 1 to 2 lower case characters in the device unlock password. The parameter should be selected based on a risk assessment that weighs factors, such as the environments the device will be located and operational requirements for users to access data in a timely manner. |
| STIG | Date |
|---|---|
| BlackBerry PlayBook OS V2.1 STIG | 2013-05-03 |
Details
| Check Text ( C-PB21-00-000150_chk ) |
|---|
| 1. Navigate to "Options -> BlackBerry Balance". 2. Select the Pencil icon. 3. Select "Change Password". 4. Select "Password Rules". 5. Verify the dialog states: "Password must contain at least one lowercase letter". Otherwise, this is a finding. |
| Fix Text (F-PB21-00-000150_fix) |
|---|
| On BlackBerry Device Service: Set "Minimum Password Complexity" IT Policy rule to: "At least 1 uppercase letter, 1 lowercase letter, 1 number, and 1 special character". |