BlackBerry PlayBook OS must prevent a user from using a browser that does not direct its traffic to a DoD proxy server.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
PB21-00-000330	PB21-00-000330	PB21-00-000330_rule		Medium

Description
Proxy servers can inspect traffic for malware and other signs of a security attack. Allowing a mobile device to access the public Internet without proxy server inspection forgoes the protection that the proxy server would otherwise provide. Malware downloaded onto the device could have a wide variety of malicious consequences, including loss of sensitive DoD information. Forcing traffic to flow through a proxy server greatly mitigates the risk of access to public Internet resources.

Description

Proxy servers can inspect traffic for malware and other signs of a security attack. Allowing a mobile device to access the public Internet without proxy server inspection forgoes the protection that the proxy server would otherwise provide. Malware downloaded onto the device could have a wide variety of malicious consequences, including loss of sensitive DoD information. Forcing traffic to flow through a proxy server greatly mitigates the risk of access to public Internet resources.

STIG	Date
BlackBerry PlayBook OS V2.1 STIG	2013-05-03

Details

Check Text ( C-PB21-00-000330_chk )
On BlackBerry Device Service: 1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand "Software -> Applications". 2. Click "Manage applications". 3. Review the listed browser applications. If any unauthorized browser applications are listed, this is a finding.

Fix Text (F-PB21-00-000330_fix)
On BlackBerry Device Service: 1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand "Software -> Applications". 2. Click "Manage applications". 3. Delete the unauthorized browser application.