BlackBerry PlayBook OSs Wi-Fi module must use EAP-TLS authentication when authenticating to DoD WLAN authentication servers.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-38741	PB21-00-000240	SV-50546r1_rule		Medium

Description
Without strong mutual authentication a mobile device may connect to an unauthorized network. In many cases, the user may falsely believe that the device is connected to an authorized network and then provide authentication credentials and other sensitive information. EAP-TLS is strong mutual authentication leveraging a public key infrastructure. Its use greatly mitigates risk associated with authentication transactions.

Description

Without strong mutual authentication a mobile device may connect to an unauthorized network. In many cases, the user may falsely believe that the device is connected to an authorized network and then provide authentication credentials and other sensitive information. EAP-TLS is strong mutual authentication leveraging a public key infrastructure. Its use greatly mitigates risk associated with authentication transactions.

STIG	Date
BlackBerry PlayBook OS V2.1 Security Technical Implementation Guide	2014-08-29

Details

Check Text ( C-46286r1_chk )
Navigate to "Options -> Wi-Fi -> Saved Networks" and select a Wi-Fi profile used to connect to DoD WLAN. Ensure "Security Type" is set to "WPA Enterprise" or "WPA2 Enterprise" and "Security Sub Type" (EAP security method) is set to "TLS". These options should be greyed out. Otherwise, this is a finding.

Fix Text (F-43696r1_fix)
On BlackBerry Device Service: Select the affected Wi-Fi Profile, and set "Security Type" to "WPA Enterprise" or "WPA2 Enterprise" and "Security Sub Type" to "TLS".