Select any two versions of this STIG to compare the individual requirements
Select any old version/release of this STIG to view the previous requirements
Navigate to "Options -> BlackBerry Balance" and select the Pencil icon. Ensure "Remove Password" button exists and is greyed out. Otherwise, this is a finding.
On BlackBerry Device Service, set "Password Required for Work Space" IT Policy rule to "Yes".
Navigate to "Options -> Security ->Password" and ensure "Enable Password" is set to "ON". Otherwise, this is a finding.
Navigate to "Options -> Security ->Password" and set "Enable Password" is set to "ON". Create a 4 digit passcode for the device lock.
On BlackBerry Device Service, ensure "Security Timeout" IT Policy rule is set to "15 minutes". Otherwise, this is a finding.
On BlackBerry Device Service, set "Security Timeout" IT Policy rule to "15 minutes".
Navigate to "Options -> Date & Time" and ensure "Set Date and Time Automatically" is set to "ON". Otherwise, this is a finding.
Navigate to "Options -> Date & Time" and set "Set Date and Time Automatically" is to "ON".
1. Navigate to "Options -> BlackBerry Balance". 2. Select the Pencil icon. 3. Select "Change Password". 4. Select "Password Rules". 5. Verify the dialog states: "Password must contain at least one uppercase letter". Otherwise, this is a finding.
On BlackBerry Device Service: Set "Minimum Password Complexity" IT Policy rule to: "At least 1 uppercase letter, 1 lowercase letter, 1 number, and 1 special character".
1. Navigate to "Options -> BlackBerry Balance". 2. Select the Pencil icon. 3. Select "Change Password". 4. Select "Password Rules". 5. Verify the dialog states: "Password must contain at least one lowercase letter". Otherwise, this is a finding.
On BlackBerry Device Service: Set "Minimum Password Complexity" IT Policy rule to: "At least 1 uppercase letter, 1 lowercase letter, 1 number, and 1 special character".
1. Navigate to "Options -> BlackBerry Balance". 2. Select the Pencil icon. 3. Select "Change Password". 4. Select "Password Rules". 5. Verify the dialog states: "Password must contain at least one number". Otherwise, this is a finding.
On BlackBerry Device Service: Set "Minimum Password Complexity" IT Policy rule to: "At least 1 uppercase letter, 1 lowercase letter, 1 number, and 1 special character".
If the local command determines that there is not a need for password rotation based on the expected operational use of the device, this requirement does not apply. On BlackBerry Device Service: "Maximum Password Age" IT Policy rule must be set to 60 or less. Otherwise, this is a finding
On BlackBerry Device Service: Set "Maximum Password Age" IT Policy rule to: 60.
If the local command determines that there is not a need for password rotation based on the expected operational use of the device, this requirement does not apply. On BlackBerry Device Service: "Maximum Password History" IT Policy rule must be set to 5 or more. Otherwise, this is a finding.
On BlackBerry Device Service: Set "Maximum Password History" IT Policy rule to: 5.
1. Navigate to "Options -> BlackBerry Balance". 2. Select the Pencil icon. 3. Select "Change Password". 4. Select "Password Rules". 5. Verify the dialog states: "Password must be at least 8 characters long". Otherwise, this is a finding.
On BlackBerry Device Service: Set "Minimum Password Length" IT Policy rule to: 8.
Lock the device by "Battery icon -> Lock". Unlock the device using the device lock password. If the unlock password is less than 4 characters, this is a finding.
Navigate to "Options -> Security -> Password -> Change Password". Input the old password under "Old Password". Under "New Password" and "Confirm Password" fields, input a new password that is greater or equal to 4 characters.
Navigate to "Options -> Security -> Application Permissions" and select each application listed, and ensure only DoD authorized permissions (Files, GPS Location, Camera, etc.) for this application is set to "Allowed" or "Prompt", with non-authorized permissions set to "Denied". Otherwise, this is a finding.
Navigate to "Options -> Security -> Application Permissions" and select each application listed, and set only DoD authorized permissions (Files, GPS Location, Camera, etc.) for this application to "Allowed" or "Prompt", with non-authorized permissions set to "Denied".
Navigate to "Options ->Security -> Development Mode" and ensure "Use Development Mode" is set to "OFF" and greyed out. Otherwise, this is a finding.
On BlackBerry Device Service: Set "Restrict Development Mode" IT Policy rule to "Yes".
On BlackBerry Device Service: 1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand "Software -> Applications". 2. Click "Manage applications". 3. Review the applications listed under "BlackBerry World Applications". If any applications are listed, this is a finding.
On BlackBerry Device Service: 1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand "Software -> Applications". 2. Click "Manage applications". 3. Delete all applications under "BlackBerry World Applications".
Navigate to "Options -> Wi-Fi -> Saved Networks" and select a Wi-Fi profile used to connect to DoD WLAN. Ensure "Security Type" is set to "WPA Enterprise" or "WPA2 Enterprise" and "Security Sub Type" (EAP security method) is set to "TLS". These options should be greyed out. Otherwise, this is a finding.
On BlackBerry Device Service: Select the affected Wi-Fi Profile, and set "Security Type" to "WPA Enterprise" or "WPA2 Enterprise" and "Security Sub Type" to "TLS".
1. Navigate to "Options -> Security -> VPN". 2. Select the enterprise VPN Profile (Work VPN Profiles have a briefcase icon on the right hand side). 3. Verify "Authentication Type" is set to a bidirectional cryptographically based authentication, and greyed out. Otherwise, this is a finding.
On BlackBerry Device Service: Create a VPN Profile with approved "Authentication Type" configured, and associate VPN Profile with IT Policy for the affected device.
Navigate to "Options -> Security -> VPN -> <VPN Profile>" and ensure "Authentication Type" is set to "PKI" or "XAUTH-PKI", and greyed out. Otherwise, this is a finding.
On BlackBerry Device Service, set select the applicable VPN Profile and set "Authentication Type" is to "PKI" or "XAUTH-PKI".
Navigate to "Options -> Security -> VPN". Select each VPN Profile used to connect to a DoD network, and ensure "Gateway Type" is set to a type which supports and utilizes IPSec and SSL/TLS and greyed out. Otherwise, this is a finding.
On BDS, select the affected VPN Profile for Edit, and set "Gateway Type" is to a type which supports and utilizes IPSec and SSL/TLS.
On BlackBerry Device Service: 1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand "Software -> Applications". 2. Click "Manage applications". 3. Review the listed IM systems. If any unauthorized IM systems are listed, this is a finding.
On BlackBerry Device Service: 1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand "Software -> Applications". 2. Click "Manage applications". 3. Delete the unauthorized IM system application.
Navigate to "Options -> Security -> Certificates". Select each certificate listed under "All Certificates". In "Certificate Details", ensure "Issued By" states appropriate DoD certificate authority, or the certificate itself has been approved by DoD. Otherwise, this is a finding.
On BlackBerry Device Service Server: Remove the corresponding .pem file from <drive>:\<shared_network_folder>\Shared\Certificates\<ENTERPRISE/VPN/WIFI/www> folder.
Navigate to "Options -> Security -> Certificates". Select each certificate listed under "All Certificates". In "Certificate Details", ensure "Issued By" states appropriate DoD certificate authority, or the certificate itself has been approved by DoD. Otherwise, this is a finding.
On BlackBerry Device Service Server: Remove the corresponding .pem file from <drive>:\<shared_network_folder>\Shared\Certificates\<ENTERPRISE/VPN/WIFI/www> folder.
On BlackBerry Device Service: 1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand "Software -> Applications". 2. Click "Manage applications". 3. Review the listed browser applications. If any unauthorized browser applications are listed, this is a finding.
On BlackBerry Device Service: 1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand "Software -> Applications". 2. Click "Manage applications". 3. Delete the unauthorized browser application.
1. Navigate to "Options -> About -> BlackBerry Balance". 2. Review the "IT Policy Name" assigned to the user. If different from the BDS policy, this is a finding.
On BlackBerry Device Service: 1. Navigate to "BlackBerry solution management -> User -> Manage users -> <affected user's device PIN>". 2. Select "Resend IT Policy to a device".
To verify IT Policy: 1. Navigate to "Options -> Accounts". 2. Verify that all required work accounts (with a briefcase icon) are present. Otherwise, this is a finding.
On BlackBerry Device Service: 1. Navigate to "BlackBerry solution management -> Profiles -> Manage email profiles". 2. Ensure all required profiles are listed. If not, create necessary profiles by navigating to "BlackBerry solution management -> Profiles -> Create email profiles". 3. Assign all required email profiles to the affected user, or a group containing the user.
1. Navigate to "Options -> Wi-Fi -> Saved Networks". 2. Verify that all required work Wi-Fi profiles (with a briefcase icon) are present. Otherwise, this is a finding.
On BlackBerry Device Service: 1. Navigate to "BlackBerry solution management -> Profiles -> Manage Wi-Fi Profiles". 2. Ensure all required profiles are listed. If not, create necessary profiles by navigating to "BlackBerry solution management -> Profiles -> Create Wi-Fi Profiles". 3. Assign all required Wi-Fi profiles to the affected user, or a group containing the user.
1. Navigate to "Options -> Security -> VPN". 2. Verify that all required work VPN profiles (with a briefcase icon) are present. Otherwise, this is a finding.
On BlackBerry Device Service: 1. Navigate to "BlackBerry solution management -> Profiles -> Manage VPN Profiles". 2. Ensure all required profiles are listed. If not, create necessary profiles by navigating to "BlackBerry solution management -> Profiles -> Create VPN Profiles". 3. Assign all required VPN profiles to the affected user, or a group containing the user.
Navigate to "Options -> Security -> Encryption" and ensure it states: "Personal data and files are encrypted" and cannot be disabled. Otherwise, this is a finding.
On BlackBerry Device Service, set "Personal Space Data Encryption" IT Policy rule to "Yes".
Navigate to "Options -> Storage & Sharing" and ensure "Wi-Fi Sharing" is set to "OFF". Otherwise, this is a finding.
Navigate to "Options -> Storage & Sharing" and set "Wi-Fi Sharing" to "OFF".
1. Navigate to "Options -> BlackBerry Balance". 2. Select the Pencil icon. 3. Verify the "Remove Password" button is greyed out. Otherwise, this is a finding.
On BlackBerry Device Service: Set "Password Required for Work Space" IT Policy rule to: "Yes".
1. Navigate to "Options -> Security -> Password". 2. Verify "Enable Password" is set to "ON". Otherwise, this is a finding.
1. Navigate to "Options -> Security -> Password". 2. Set "Enable Password" is set to "ON". 3. Create a 4 digit passcode for the device.
Manufacturer support for BlackBerry Playbook tablets ended April 2014. If BlackBerry Playbook tablets are in use, this is a finding.
Replace the BlackBerry PlayBook with an approved device.