BlackBerry OS 7.x.x Security Technical Implementation Guide

BlackBerry OS 7.x.x STIG in XCCDF format

Details

Version / Release: V2R9

Published: 2015-08-12

Updated At: 2018-09-23 02:04:31


    Vuln | Rule Version | Severity | Title | Description
    SV-12364r3_rule | WIR1030-01 | LOW | When the Password Keeper is enabled on the BlackBerry device, the AO must review and approve its use, and the application must be configured as required. | Password Keeper is a default BlackBerry application that can be installed on the BlackBerry handheld device. This application allows users to store passwords. The use of Password Keeper should be reviewed and approved by the local AO. Passwords are store
    SV-12366r3_rule | WIR1040-02 | LOW | BlackBerry Bluetooth SCR use with site PCs must be compliant with requirements. | Insecure Bluetooth configuration on the PC could make it vulnerable to compromise via a Bluetooth attack. Responsibility: System Administrator, Information Assurance Officer. IA Controls: ECWN-1
    SV-12370r3_rule | WIR1050-01 | HIGH | Onset Technologies METAmessage software must not be installed on DoD BlackBerry devices or on the BES. | Onset Technologies METAmessage software is production software which may introduce a virus or other malicious code on the system. This software is not approved for use on DoD systems. Responsibility: System Administrator, Information Assurance Officer. IA Controls: ECWN-1
    SV-12371r3_rule | WIR1055-01 | LOW | BlackBerry devices must be provisioned so users can digitally sign and encrypt email notifications or any other email required by DoD policy. | S/MIME provides the capability for users to send and receive S/MIME email messages from wireless email devices. S/MIME and digital signatures provide assurance that the message is authentic and is required by DoD policy. Reference the DoD CIO memorandum
    SV-12372r2_rule | WIR1060-01 | LOW | If BlackBerry email auto signatures are used, the signature message must not disclose that the email originated from a BlackBerry or mobile device (e.g., “Sent From My Wireless Handheld”). | The disclaimer message may give information which may key an attacker in on the device. This is primarily an OPSEC issue. This setting was directed by the USCYBERCOM. Responsibility: Information Assurance Officer. IA Controls: ECSC-1
    SV-12375r2_rule | WIR1075-01 | LOW | All Internet browser icons must be disabled from the BlackBerry device except for the BlackBerry Internet Browser icon. | The BlackBerry Browser forces all Internet browsing to go through the site internet gateway, which provides additional security over the carrier's browser. IA Controls: ECSC-1
    SV-21102r3_rule | WIR1040-01 | MEDIUM | BlackBerry devices must have required operating system software version installed. | Required security features are not available in earlier OS versions. In addition, there are known vulnerabilities in earlier versions. Responsibility: System Administrator, Information Assurance Officer. IA Controls: ECWN-1
    SV-21127r2_rule | WIR1080-01 | LOW | Security configuration settings on the BlackBerry devices managed by the site must be compliant with requirements listed in Table 5, BlackBerry STIG Configuration Tables. | These checks are related to a defense-in-depth approach for the BlackBerry, including ensuring the locked BlackBerry is not identified as a DoD BlackBerry and providing visual indicators when the Bluetooth radio is being used so users can verify they have
    SV-21197r3_rule | WIR1055-02 | LOW | BlackBerry devices must be provisioned so users can digitally sign and encrypt email notifications. | S/MIME provides the capability for users to send and receive S/MIME email messages from wireless email devices. S/MIME and digital signatures provide assurance that the message is authentic and is required by DoD policy. Reference the DoD CIO memorandum r
    SV-21228r3_rule | WIR1040-03 | MEDIUM | BlackBerry Bluetooth SCR use with site PCs must be compliant with requirements. | Non-secure Bluetooth configuration on the PC could make it vulnerable to compromise via a Bluetooth attack. Responsibility: System Administrator, Information Assurance Officer. IA Controls: ECSC-1
    SV-21229r3_rule | WIR1040-04 | MEDIUM | BlackBerry Bluetooth SCR use with site PCs must be compliant with requirements. | Non-secure Bluetooth configuration on the PC could make it vulnerable to compromise via a Bluetooth attack. Responsibility: System Administrator, Information Assurance Officer. IA Controls: ECSC-1
    SV-21230r3_rule | WIR1040-05 | LOW | BlackBerry Bluetooth SCR use with site PCs must be compliant with requirements. | Non-secure Bluetooth configuration on the PC could make it vulnerable to compromise via a Bluetooth attack. Responsibility: System Administrator, Information Assurance Officer. IA Controls: ECSC-1
    SV-25132r4_rule | WIR1040-06 | LOW | Required version of the BlackBerry Smart Card Reader (SCR) hardware must be used, and required versions of the drivers must be installed both on the BlackBerry and the SCR. | Required SCR security features are not available in earlier versions, and therefore Bluetooth vulnerabilities will not have been patched. Responsibility: System Administrator, Information Assurance Officer
    SV-25495r3_rule | WIR1095-01 | LOW | BlackBerry Web Desktop Manager (BWDM) or BlackBerry Desktop Manager (BDM) must be configured as required. | The BWDM provides the capability for users to self provision their BlackBerry, and to synchronize the BlackBerrys to the BES. The BWDM works by providing a web client interface to the BlackBerry database via the BlackBerry Administrative Service (BAS).
    SV-33354r2_rule | WIR1045-01 | MEDIUM | Only approved Bluetooth headset and handsfree devices must be used with site managed BlackBerry devices. | Bluetooth usage could provide an attack vector for a hacker to connect to a BlackBerry device without the knowledge of the user. DoD data would then be vulnerable. IA Controls: ECSC-1