
BlackBerry PlayBook OS must not permit mobile service carriers to have privileged access to the operating system or perform any function not directed by the user.


Overview

Finding ID: V-38738
Version: PB21-00-000210
Rule ID: SV-50543r1_rule
IA Controls: (none listed)
Severity: High
Description
Permitting mobile service carriers access to the mobile operating system leaves the device vulnerable to breach from rogue elements within the carrier infrastructure. Mobile service carriers are not subject to the same personnel, operational, and technical controls as DoD organizations. For example, their employees in most cases do not have active DoD clearances. When a mobile service carrier must update software or configuration on a mobile device, these updates must come from a DoD-approved source, which in many cases is the vendor of the MOS software. Preventing mobile service carrier access to mobile operating systems greatly mitigates the risk associated with this vulnerability. Research In Motion does not pre-install any software that would allow carriers to access or manipulate a BlackBerry device. In addition, all applications available through App World are tested and monitored for malicious code, and applications must be signed by RIM before they can be installed on a BlackBerry device. These applications and their permissions must also be acknowledged by the user or system administrator before they can be installed.
STIG: BlackBerry PlayBook OS V2.1 Security Technical Implementation Guide
Date: 2014-08-29

Details

Check Text (C-46283r1_chk)
Navigate to "Options -> Security -> Application Permissions" and select each application listed. For each application, ensure only DoD-authorized permissions (Files, GPS Location, Camera, etc.) are set to "Allowed" or "Prompt", with non-authorized permissions set to "Denied". Otherwise, this is a finding.
Fix Text (F-43693r1_fix)
Navigate to "Options -> Security -> Application Permissions" and select each application listed. For each application, set only DoD-authorized permissions (Files, GPS Location, Camera, etc.) to "Allowed" or "Prompt", with non-authorized permissions set to "Denied".