Check: BB10-2X-000280
BB10 2 X STIG: BB10-2X-000280 (in version v1 r6)
Title
BlackBerry 10 OS must have access to DoD root and intermediate PKI certificates when performing DoD PKI-related transactions. (Cat II impact)
Discussion
DoD root and intermediate PKI certificates are used to verify the authenticity of PKI certificates of users and web services. If the root and intermediate certificates are not available, an adversary could falsely sign a certificate in such a way that it could not be detected. Providing access to the DoD root and intermediate PKI certificates greatly diminishes the risk of this attack.
Check Content
From the Work Space, navigate to "Settings >> Security and Privacy >> Certificates", and inspect the "Enterprise Root Certificates" and "Enterprise Intermediate Certificates" stores. If DoD root and intermediate PKI certificates are not in the stores, this is a finding.
Fix Text
On BlackBerry Device Service, ensure the required ".pem" files are present in this folder: <drive>:\<shared_network_folder>\Shared\Certificates\<ENTERPRISE/VPN/WIFI/www>
Additional Identifiers
Rule ID:
Vulnerability ID: V-47197
Group Title:
CCIs
Number | Definition |
---|---|
CCI-000366 | The organization implements the security configuration settings. |
CCI-001142 | The organization produces, controls, and distributes asymmetric cryptographic keys using approved PKI Class 3 certificates or prepositioned keying material. |
Controls
Number | Title |
---|---|
CM-6 | Configuration Settings |