BlackBerry PlayBook OS must prevent a user from using a browser that does not direct its traffic to a DoD proxy server.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-38750	PB21-00-000330	SV-50555r1_rule		Medium

Description
Proxy servers can inspect traffic for malware and other signs of a security attack. Allowing a mobile device to access the public Internet without proxy server inspection forgoes the protection that the proxy server would otherwise provide. Malware downloaded onto the device could have a wide variety of malicious consequences, including loss of sensitive DoD information. Forcing traffic to flow through a proxy server greatly mitigates the risk of access to public Internet resources.

Description

Proxy servers can inspect traffic for malware and other signs of a security attack. Allowing a mobile device to access the public Internet without proxy server inspection forgoes the protection that the proxy server would otherwise provide. Malware downloaded onto the device could have a wide variety of malicious consequences, including loss of sensitive DoD information. Forcing traffic to flow through a proxy server greatly mitigates the risk of access to public Internet resources.

STIG	Date
BlackBerry PlayBook OS V2.1 Security Technical Implementation Guide	2014-08-29

Details

Check Text ( C-46295r1_chk )
On BlackBerry Device Service: 1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand "Software -> Applications". 2. Click "Manage applications". 3. Review the listed browser applications. If any unauthorized browser applications are listed, this is a finding.

Fix Text (F-43705r1_fix)
On BlackBerry Device Service: 1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand "Software -> Applications". 2. Click "Manage applications". 3. Delete the unauthorized browser application.