BlackBerry PlayBook OS must encrypt all data on the mobile device using AES encryption (AES 128 bit encryption key length is the minimum requirement; AES 256 desired).

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-38756	PB21-00-000390	SV-50561r1_rule		Medium

Description
If data at rest is unencrypted, it is vulnerable to disclosure. Even if the operating system enforces permissions on data access, an adversary can remove non-volatile memory and read it directly, thereby circumventing operating system controls. Encrypting the data ensures that confidentiality is protected even when the operating system is not running. AES encryption with appropriate key lengths provides assurance that the cryptography is adequate.

Description

If data at rest is unencrypted, it is vulnerable to disclosure. Even if the operating system enforces permissions on data access, an adversary can remove non-volatile memory and read it directly, thereby circumventing operating system controls. Encrypting the data ensures that confidentiality is protected even when the operating system is not running. AES encryption with appropriate key lengths provides assurance that the cryptography is adequate.

STIG	Date
BlackBerry PlayBook OS V2.1 Security Technical Implementation Guide	2014-08-29

Details

Check Text ( C-46301r1_chk )
Navigate to "Options -> Security -> Encryption" and ensure it states: "Personal data and files are encrypted" and cannot be disabled. Otherwise, this is a finding.

Fix Text (F-43711r1_fix)
On BlackBerry Device Service, set "Personal Space Data Encryption" IT Policy rule to "Yes".