UCF STIG Viewer Logo

BlackBerry PlayBook OS V2.1 Security Technical Implementation Guide


Overview

Date Finding Count (31)
2014-08-29 CAT I (High): 4 CAT II (Med): 23 CAT III (Low): 4
STIG Description
Developed by BlackBerry Ltd. in coordination with DISA for use in the DoD. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.letterkenny.FSO.mbx.stig-customer-support-mailbox@mail.mil.

Available Profiles



Findings (MAC II - Mission Support Sensitive)

Finding ID Severity Title
V-38748 High Only DoD PKI issued or DoD approved software authentication certificates may be installed on BlackBerry PlayBook OS.
V-38739 High BlackBerry PlayBook OS must prevent a user from installing applications from an untrusted source (other than BlackBerry World) in the personal space.
V-38738 High BlackBerry PlayBook OS must not permit mobile service carriers to have privileged access to the operating system or perform any function not directed by the user.
V-53891 High BlackBerry PlayBook OS versions no longer supported by the manufacturer or vendor must not be installed on a device.
V-38742 Medium BlackBerry PlayBook OS must authenticate devices before establishing remote network (e.g., VPN) connections using bidirectional cryptographically based authentication between devices.
V-38743 Medium BlackBerry PlayBook OS VPN client must employ DoD PKI approved mechanisms for authentication when connecting to DoD networks.
V-38740 Medium BlackBerry PlayBook OS must only permit download of software from a DoD approved source (e.g., DoD operated mobile device application store or MDM server).
V-38741 Medium BlackBerry PlayBook OSs Wi-Fi module must use EAP-TLS authentication when authenticating to DoD WLAN authentication servers.
V-38746 Medium BlackBerry PlayBook OS must prohibit the use of non-DoD authorized instant messaging (IM) systems.
V-38744 Medium BlackBerry PlayBook OSs VPN client must use either IPSec or SSL/TLS when connecting to DoD networks.
V-38749 Medium Only DoD PKI issued or DoD approved server authentication certificates may be installed on BlackBerry PlayBook OS.
V-38708 Medium BlackBerry PlayBook OS must disallow the device unlock password from containing fewer than a specified minimum number of lower case alphabetic characters.
V-38709 Medium BlackBerry PlayBook OS must disallow the device unlock password from containing fewer than a specified minimum number of numeric characters.
V-38707 Medium BlackBerry PlayBook OS must disallow the device unlock password from containing fewer than a specified minimum number of upper case alphabetic characters, lower case alphabetic characters, and numeric characters.
V-38704 Medium BlackBerry PlayBook OS must retain the device lock until the user reestablishes access using established identification and authentication procedures.
V-38705 Medium BlackBerry PlayBook OS must lock the device after no more than 15 minutes of inactivity.
V-38703 Medium BlackBerry PlayBook OS must retain the lock work space until the user reestablishes access using established identification and authentication procedures.
V-38755 Medium BlackBerry PlayBook OS must employ mobile device management services to centrally manage VPN profiles
V-38754 Medium BlackBerry PlayBook OS must employ mobile device management services to centrally manage Wi-Fi profiles
V-38757 Medium BlackBerry PlayBook OS must prohibit wireless remote access connections except for personal hotspot service.
V-38756 Medium BlackBerry PlayBook OS must encrypt all data on the mobile device using AES encryption (AES 128 bit encryption key length is the minimum requirement; AES 256 desired).
V-38750 Medium BlackBerry PlayBook OS must prevent a user from using a browser that does not direct its traffic to a DoD proxy server.
V-38753 Medium BlackBerry PlayBook OS must employ mobile device management services to centrally manage email settings
V-38752 Medium BlackBerry PlayBook OS must employ mobile device management services to centrally manage IT Policies
V-38759 Medium BlackBerry PlayBook OS must allow user to configure a non-complex 4 digit password for the personal space.
V-38758 Medium BlackBerry PlayBook OS must not permit a user to disable the password-protected lock feature on the work space.
V-38712 Medium BlackBerry PlayBook OS must enforce a minimum length for the work area password.
V-38706 Low BlackBerry PlayBook OS must synchronize the internal clock at least once every 24 hours with an authoritative time server or the Global Positioning System.
V-38737 Low BlackBerry PlayBook OS must enforce a minimum length for the device unlock password.
V-38710 Low BlackBerry PlayBook OS must enforce a maximum lifetime of 120 days for the device unlock password (password age).
V-38711 Low BlackBerry PlayBook OS must prohibit a user from reusing any of the last five previously used device unlock passwords.