Check: BB10-2X-000290
BB10 2 X STIG:
BB10-2X-000290
(in version v1 r6)
Title
BlackBerry 10 OS must block both the inbound and outbound traffic between instant messaging clients that are independently configured by end users and external service providers or other unapproved DoD systems. (Cat II impact)
Discussion
Many instant messaging systems have known vulnerabilities, some of which allow an adversary to install malware on the device. This malware can then be used to obtain sensitive information or further compromise DoD information systems. Restricting IM traffic to DoD-authorized IM systems mitigates the risk of using IM technology.
Check Content
On BlackBerry Device Service, in the BlackBerry Administration Service, on the BlackBerry solution management menu, expand "Software >> Applications >> Manage applications". If there are any unauthorized instant messaging systems listed, this is a finding.
Fix Text
On BlackBerry Device Service: In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand "Software >> Applications >> Manage applications". Delete the unauthorized IM system application.
Additional Identifiers
Rule ID:
Vulnerability ID: V-47199
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001154 |
The information system or supporting environment blocks both inbound and outbound traffic between instant messaging clients that are independently configured by end users and external service providers. |
Controls
Number | Title |
---|---|
No controls are assigned to this check |