Check: BB10-2X-002160
BB10 2 X STIG: BB10-2X-002160 (in version v1 r6)
Title
BlackBerry 10 OS, for PKI-based authentication, must validate certificates by querying the certification authority for the revocation status of the certificate. (Cat III impact)
Discussion
Status information for certification paths includes certificate revocation lists (CRLs) or Online Certificate Status Protocol (OCSP) responses. If a certificate's revocation status is never verified, the system can accept a revoked or otherwise unauthorized certificate, which can lead to the installation of unauthorized software or a connection to a rogue network. Querying for certificate revocation status mitigates the risk that the system will accept an unauthorized certificate.
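The behaviour the discussion asks for, as an added Go example that is not part of the STIG, of BlackBerry Device Service or of any BlackBerry software: path validation to a trust anchor followed by a status check that fails closed when status information is missing, expired or not signed by the issuer. It uses a CRL rather than a live OCSP query so that it runs offline; the CA, the device certificate, their names and serial numbers are constructed fixtures, and the function and error names are this example's own.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

var (
	ErrNoStatus    = errors.New("no certificate status information available")
	ErrStaleStatus = errors.New("certificate status information has expired")
	ErrRevoked     = errors.New("certificate is revoked")
)

// testPKI is a constructed in-memory PKI: a self-signed CA (the trust anchor)
// and one client-authentication leaf it issued. Names and serials are made up.
type testPKI struct {
	ca, leaf *x509.Certificate
	caKey    *ecdsa.PrivateKey
}

// must panics on fixture-construction errors (key and certificate generation).
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func newTestPKI(now time.Time) *testPKI {
	caKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	leafKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	caTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Test CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour), IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign}
	// Certificates are re-parsed from DER so that SubjectKeyId (required to sign CRLs) is populated.
	ca := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey))))
	leafTmpl := &x509.Certificate{SerialNumber: big.NewInt(4242), Subject: pkix.Name{CommonName: "device.example.test"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour), KeyUsage: x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	leaf := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, leafTmpl, ca, &leafKey.PublicKey, caKey))))
	return &testPKI{ca: ca, leaf: leaf, caKey: caKey}
}

// makeCRL issues a CA-signed CRL valid for [thisUpdate, nextUpdate] that lists
// the leaf as revoked when revokeLeaf is true.
func (p *testPKI) makeCRL(revokeLeaf bool, thisUpdate, nextUpdate time.Time) ([]byte, error) {
	tmpl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: thisUpdate, NextUpdate: nextUpdate}
	if revokeLeaf {
		tmpl.RevokedCertificateEntries = []x509.RevocationListEntry{{SerialNumber: p.leaf.SerialNumber, RevocationTime: thisUpdate}}
	}
	return x509.CreateRevocationList(rand.Reader, tmpl, p.ca, p.caKey)
}

// verifyWithStatus is the check CCI-000185 describes: build and verify a path to the
// trust anchor, then consult status information. Missing, stale or badly signed status fails closed.
func verifyWithStatus(leaf, anchor *x509.Certificate, crlDER []byte, now time.Time) error {
	roots := x509.NewCertPool()
	roots.AddCert(anchor)
	chains, err := leaf.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: now, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	if err != nil {
		return fmt.Errorf("path validation: %w", err)
	}
	issuer := chains[0][1] // a verified chain is ordered leaf, issuer, ..., root
	if len(crlDER) == 0 {
		return ErrNoStatus // an absent CRL (or OCSP response) is not a pass
	}
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil {
		return fmt.Errorf("parse CRL: %w", err)
	}
	if err := crl.CheckSignatureFrom(issuer); err != nil {
		return fmt.Errorf("CRL signature: %w", err)
	}
	if now.After(crl.NextUpdate) {
		return ErrStaleStatus
	}
	for _, e := range crl.RevokedCertificateEntries {
		if e.SerialNumber.Cmp(leaf.SerialNumber) == 0 {
			return ErrRevoked
		}
	}
	return nil
}

func main() {
	now := time.Now()
	pki := newTestPKI(now)
	revoked, _ := pki.makeCRL(true, now.Add(-time.Hour), now.Add(time.Hour))
	fmt.Println("fresh CRL, revoked:   ", verifyWithStatus(pki.leaf, pki.ca, revoked, now))
	fmt.Println("no status information:", verifyWithStatus(pki.leaf, pki.ca, nil, now))
}
```

The design point is the order of checks and the fail-closed defaults: the chain is verified first so that the CRL signature is checked against the actual issuer from that chain, and a missing or expired status response is an error rather than a silent pass, which is the failure mode the discussion warns about.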
Check Content
On BlackBerry Device Service, navigate to "Devices >> Device settings >> Certificate retrieval settings >> Edit Settings >> OCSP" and verify that the "Service URL" field is populated with the URL of the organization's OCSP responder. If the field is blank or points to an incorrect server, this is a finding.
Fix Text
On BlackBerry Device Service, navigate to "Devices >> Device settings >> Certificate retrieval settings >> Edit Settings >> OCSP" and set the "Service URL" field to the URL of the appropriate OCSP responder.
Additional Identifiers
Vulnerability ID: V-47233
CCIs
Number | Definition
---|---
CCI-000185 | The information system, for PKI-based authentication, validates certifications by constructing and verifying a certification path to an accepted trust anchor including checking certificate status information.
Controls
Number | Title
---|---
IA-5 (2) | PKI-Based Authentication