Title

BlackBerry 10 OS must only permit downloading of software from a DoD-approved source (e.g., DoD-operated mobile device application store or MDM server). (Cat II impact)

Discussion

DoD can perform due diligence on sources of software to mitigate the risk that malicious software is introduced to those sources. Therefore, if software is downloaded from a DoD-approved source, then it is less likely to be malicious than if it is downloaded from an unapproved source. To prevent access to unapproved sources, the operating system, in most cases, can be configured to disable user access to public application stores. However, in some cases, DoD may approve downloads directly from the OS vendor.

Check Content

From the Work Space, open "BlackBerry World - Work" and select "Public". If any apps are listed under "Public", this is a finding.

Fix Text

On BlackBerry Device Service, on the BlackBerry solution management menu, expand "Software >> Applications", click "Manage applications", and delete all applications under "BlackBerry World Applications".

Additional Identifiers

Rule ID:

Vulnerability ID: V-47189

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.