BlackBerry PlayBook OS must only permit download of software from a DoD approved source (e.g., DoD operated mobile device application store or MDM server).

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-38740	PB21-00-000230	SV-50545r1_rule		Medium

Description
DoD can perform due diligence on sources of software to mitigate the risk that malicious software is introduced to those sources. Therefore, if software is downloaded from a DoD approved source, then it is less likely to be malicious than if it is downloaded from an unapproved source. To prevent access to unapproved sources, the operating system in most cases can be configured to disable user access to public application stores. However, in some cases, DoD may approve downloads directly from the OS vendor.

Description

DoD can perform due diligence on sources of software to mitigate the risk that malicious software is introduced to those sources. Therefore, if software is downloaded from a DoD approved source, then it is less likely to be malicious than if it is downloaded from an unapproved source. To prevent access to unapproved sources, the operating system in most cases can be configured to disable user access to public application stores. However, in some cases, DoD may approve downloads directly from the OS vendor.

STIG	Date
BlackBerry PlayBook OS V2.1 Security Technical Implementation Guide	2014-08-29

Details

Check Text ( C-46285r1_chk )
On BlackBerry Device Service: 1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand "Software -> Applications". 2. Click "Manage applications". 3. Review the applications listed under "BlackBerry World Applications". If any applications are listed, this is a finding.

Fix Text (F-43695r1_fix)
On BlackBerry Device Service: 1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand "Software -> Applications". 2. Click "Manage applications". 3. Delete all applications under "BlackBerry World Applications".