Check: BBDS-00-003120
BBDS10 2 X STIG:
BBDS-00-003120
(in version v1 r5)
Title
The BlackBerry Device Service server must enforce the minimum password length for the Personal Space password to 4 digits via centrally managed policy. (Cat III impact)
Discussion
Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not implemented, the system may be vulnerable to a variety of attacks. The use of an MDM allows an organization to assign values to security related parameters across all the devices it manages. This provides assurance that the required mobile OS security controls are being enforced, and that the device user or an adversary has not modified or disabled the controls. It also greatly increases efficiency and manageability of devices in a large scale environment relative to an environment in which each device must be configured separately.
Check Content
Review the BlackBerry Device Service server policy configuration to determine whether a device unlock password with a minimum length of 4 characters has been enabled. If there are multiple policies, they must all be reviewed. Otherwise, this is a finding.
Fix Text
Configure the BlackBerry Device Service server to enable a device unlock password with a minimum length of 4 characters. This requirement can be met via one of two methods: Method #1: Train users to set the following device unlock/personal area password feature on a PlayBook 2.0 or BlackBerry 10 device: Navigate to "Options/Settings -> Security ->Password" and set "Enable Password" to "ON". Create a 4 digit passcode for the device lock. **************************************************************************************** Method #2: The BDS IT policy rule "Apply Work Space Password to Full Device" can be applied to force the Work Space password to be used for both Work and Personal Spaces. IT policy rules can be specified per group or per user. To add an IT policy to a group: 1. Log into BlackBerry Administration Service and under "BlackBerry solution management" on the left side, expand "Group". 2. Click "Manage groups". 3. Click the name of the group. 4. Click "Edit group". 5. Click the "Policies" tab. 6. In the "IT policy list", select the IT policy. 7. Click "Save all". To add an IT policy to a user account: 1. Log into BlackBerry Administration Service, and under "BlackBerry solution management" on the left side expand "User". 2. Click "Manage users". 3. Search for a user account. 4. In the search results, select the check box for the user account. 5. In the "Add to user configuration" list, click "Set IT policy". 6. In the "IT policy" drop-down list, select the IT policy. 7. Click "Save". For more details and information, please see the "Setting up device controls" section of the BlackBerry Enterprise Service 10 BlackBerry Device Service Administration Guide.
Additional Identifiers
Rule ID:
Vulnerability ID: V-48601
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000370 |
The organization employs automated mechanisms to centrally manage configuration settings for organization-defined information system components. |
Controls
Number | Title |
---|---|
CM-6 (1) |
Automated Central Management / Application / Verification |