Check: BB10-2X-000350
BB10 2 X STIG:
BB10-2X-000350
(in version v1 r6)
Title
BlackBerry 10 OS maximum number of consecutive unsuccessful unlock attempts must be less than 10. (Cat II impact)
Discussion
The recommended setting for the maximum number of consecutive unsuccessful unlock attempts is 10. In some environments, a lower number may be needed to provide greater protection of sensitive information. Allowing for configuration enables the local command to enforce greater protection when it is deemed necessary. If the limit is not configurable, then it is permissible for a site to procure and deploy devices that enforce the limit specified by the organization, so long as that limit does not exceed 10.
Check Content
From either the Work Space or Personal Space, navigate to "Settings >> BlackBerry Balanceā. Under "Work Password", ensure the maximum value in the "Password attempt limit" drop down box is less than 10, otherwise, this is a finding.
Fix Text
On BlackBerry Device Service, set the IT Policy rule "Maximum Password Attempts" to be less than 10.
Additional Identifiers
Rule ID:
Vulnerability ID: V-47215
Group Title:
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-000366 |
The organization implements the security configuration settings. |
| CCI-001383 |
The information system provides additional protection for mobile devices accessed via login by purging information from the device after an organization-defined number of consecutive, unsuccessful login attempts to the mobile device. |
Controls
| Number | Title |
|---|---|
| CM-6 |
Configuration Settings |