Check: BB10-2X-000120
BB10 2 X STIG: BB10-2X-000120 (in version v1 r6)
Title
BlackBerry 10 OS must retain the device lock until the user reestablishes access using established identification and authentication procedures. (Cat II impact)
Discussion
The device lock function prevents further access to the system by initiating a session lock after a period of inactivity or upon receiving a request from a user. The device lock is retained until the user reestablishes access using established identification and authentication procedures. A device lock is a temporary action taken when a user stops work but does not want to log out because of the temporary nature of the hiatus. During the device lock a publicly viewable pattern is visible on the associated display, hiding what was previously visible on the screen. Once invoked, the device lock shall remain in place until the user re-authenticates. No other system activity aside from re-authentication can unlock the system. The operating system must enforce a device lock function. This prevents others from gaining access to the device when not in the user's possession and accessing sensitive DoD information. The identification and authentication procedure configuration must be set by a Mobile Device Management (MDM) service and be sufficiently complex to protect sensitive data.
Check Content
This requirement must meet one of the options below:
Option 1: From either the Work Space or Personal Space, navigate to "Settings >> Security and Privacy >> Device Password" and ensure "Device Password" is set to "On". Otherwise, this is a finding.
Option 2: From either the Work Space or Personal Space, navigate to "Settings >> BlackBerry Balance" and ensure "Use as my device password" is set to "On" and greyed out. Otherwise, this is a finding.
Fix Text
Select one option to fix this requirement:
Option 1: From either the Work Space or Personal Space, navigate to "Settings >> Security and Privacy >> Device Password" and set "Enable Device Password" to "On". Create a 4-digit password for device lock.
Option 2: On BlackBerry Device Service, set "Apply Work Space Password to Full Device" rule to "Yes".
Note: This fix procedure affects the Personal Space.
Additional Identifiers
Rule ID:
Vulnerability ID: V-47173
Group Title:
CCIs
Number | Definition |
---|---|
CCI-000056 | The information system retains the session lock until the user reestablishes access using established identification and authentication procedures. |
Controls
Number | Title |
---|---|
AC-11 | Session Lock |