Title

BlackBerry 10 OSs VPN client must use either IPsec or SSL/TLS when connecting to DoD networks. (Cat II impact)

Discussion

Use of non-standard communications protocols can affect both the availability and confidentiality of communications. IPsec and SSL/TLS are both well-known and tested protocols that provide strong assurance with respect to both IA and interoperability.

Check Content

From either the Work Space or Personal Space, navigate to "Settings >> Network Connections >> VPN". Select "Edit" to edit a VPN Profile. For each VPN Profile connecting to DoD networks: - Select the VPN Profile to edit. - Ensure "Gateway Type" is set to a type which supports and utilizes IPsec and SSL/TLS. Otherwise, this is a finding. NOTE: If no VPN profiles are saved, this requirement is NA.

Fix Text

On BlackBerry Device Service, select the affected VPN Profile for edit, and set "Gateway Type" to a type which supports and utilizes IPsec and SSL/TLS.

Additional Identifiers

Rule ID:

Vulnerability ID: V-48597

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.