Check: BBDS-00-000275
BBDS10 2 X STIG: BBDS-00-000275 (in version v1 r5)
Title
The BlackBerry Device Service server must configure the Work Space to prohibit the download of software from a DoD non-approved source (e.g., a non-DoD operated mobile device application store or BlackBerry Device Service server). (Cat II impact)
Discussion
DoD can perform due diligence on sources of software to mitigate the risk that malicious software is introduced to those sources. Therefore, if software is downloaded from a DoD-approved source, then it is less likely to be malicious than if it is downloaded from an unapproved source. To prevent access to unapproved sources, the operating system in most cases can be configured to disable user access to public application stores.
Check Content
Review the BlackBerry Device Service server configuration to ensure the BlackBerry Device Service server can configure the mobile device Work Space to prohibit the download of software from a DoD non-approved source (e.g., a non-DoD operated mobile device application store or BlackBerry Device Service server). Otherwise, this is a finding.
Fix Text
Configure the BlackBerry Device Service server so the Work Space is configured to prohibit the download of software from a DoD non-approved source. Log in to BlackBerry Administration Service, and under "BlackBerry solution management" on the left side of the screen, navigate to "Policy > Manage IT policies > <Policy Name> > View complete IT Policy > Security" and verify "Development Mode Access to Work Space" is set to "Disallow".
Additional Identifiers
Rule ID:
Vulnerability ID: V-48575
Group Title:
CCIs
Number | Definition |
---|---|
CCI-000370 | The organization employs automated mechanisms to centrally manage configuration settings for organization-defined information system components. |
Controls
Number | Title |
---|---|
CM-6 (1) | Automated Central Management / Application / Verification |