Check: BB10-2X-000140
BB10 2 X STIG: BB10-2X-000140 (in version v1 r6)
Title
BlackBerry 10 OS must prevent applications from extending the Work Space password lock time. (Cat II impact)
Discussion
The Work Space lock function prevents further access to the Work Space by initiating a session lock after a period of inactivity on the device or upon receiving a request from a user. The lock is retained until the user reestablishes access using established identification and authentication procedures. When a personal app designed to extend the timeout is used in configurations with both personal and work areas, the device will not lock, but the Work Space will lock after 15 minutes. Locking the Work Space after 15 minutes ensures that an adversary who acquires a DoD device may have access to the personal space but only a limited window to gain information from the Work Space.

A device lock is a temporary action taken when a user stops work but does not want to shut down because of the temporary nature of the hiatus. During the device lock, a publicly viewable pattern is visible on the associated display, hiding what was previously visible on the screen. Once invoked, the device lock shall remain in place until the user re-authenticates. No other system activity aside from re-authentication can unlock the system.

The operating system must lock the device after the organization-defined time period. This prevents others from gaining access to the device, and to sensitive DoD information, when it is not in the user's possession. A device lock mitigates the risk that an adversary can access data on an unattended mobile device, but only after the maximum 15-minute period of inactivity.
Check Content
On BlackBerry Device Service, verify the IT Policy rule "Application Security Timer Reset" is set to "Disallow". Otherwise, this is a finding.
Fix Text
On BlackBerry Device Service, set the IT Policy rule "Application Security Timer Reset" to "Disallow".
Additional Identifiers
Rule ID:
Vulnerability ID: V-47177
Group Title:
CCIs
Number | Definition |
---|---|
CCI-000057 | The information system initiates a session lock after the organization-defined time period of inactivity. |
Controls
Number | Title |
---|---|
AC-11 | Session Lock |