BlackBerry PlayBook OS VPN client must employ DoD PKI approved mechanisms for authentication when connecting to DoD networks.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-38743	PB21-00-000260	SV-50548r1_rule		Medium

Description
VPNs are vulnerable to attack if they are not supported by strong authentication. An adversary may be able gain access to network resources and sensitive information if they can compromise the authentication process. Common Access Card (CAC) authentication is a strong cryptographic two-factor authentication that greatly mitigates the risk of VPN authentication breaches. Other DoD approved PKI mechanisms provide similar levels of assurance.

Description

VPNs are vulnerable to attack if they are not supported by strong authentication. An adversary may be able gain access to network resources and sensitive information if they can compromise the authentication process. Common Access Card (CAC) authentication is a strong cryptographic two-factor authentication that greatly mitigates the risk of VPN authentication breaches. Other DoD approved PKI mechanisms provide similar levels of assurance.

STIG	Date
BlackBerry PlayBook OS V2.1 Security Technical Implementation Guide	2014-08-29

Details

Check Text ( C-46288r1_chk )
Navigate to "Options -> Security -> VPN -> " and ensure "Authentication Type" is set to "PKI" or "XAUTH-PKI", and greyed out. Otherwise, this is a finding.

Fix Text (F-43698r1_fix)
On BlackBerry Device Service, set select the applicable VPN Profile and set "Authentication Type" is to "PKI" or "XAUTH-PKI".