Title

BlackBerry 10 OS must prevent a user from installing unapproved applications in the Work Space. (Cat I impact)

Discussion

The operating system must enforce software installation by users based upon what types of software installations are permitted (e.g., updates and security patches to existing software) and what types of installations are prohibited (e.g., software whose pedigree with regard to being potentially malicious is unknown or suspect) by the organization. The installation and execution of unauthorized software on an operating system may allow the application to obtain sensitive information or further compromise the system. Preventing a user from installing unapproved applications mitigates this risk. When the Development Mode is enabled for the Work Space on BlackBerry 10 OS devices, the user has the capability to sideload apps to the Work Space. Disabling this feature removes the capability for a user to sideload apps.

Check Content

If requirement BB10-2X-000220 is met, this requirement is not applicable. On BlackBerry Device Service, verify the IT Policy rule "Development Mode Access to Work Space" is set to "Disallow". Otherwise, this is a finding.

Fix Text

On BlackBerry Device Service, set the IT Policy rule "Development Mode Access to Work Space" to "Disallow".

Additional Identifiers

Rule ID:

Vulnerability ID: V-47185

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.