Title

Onset Technologies METAmessage software must not be installed on DoD BlackBerry devices or on the BES. (Cat I impact)

Discussion

Onset Technologies METAmessage software is production software which may introduce a virus or other malicious code on the system. This software is not approved for use on DoD systems.

Check Content

Perform the following procedures on the BES and a sample of BlackBerry devices (use 2-3 devices for a random sample) as appropriate. Check a sample of BlackBerry devices (Settings >> Options >> Advanced Options >> Applications) to ensure the METAmessage application is not loaded on the BlackBerry device. On the BES, have the BlackBerry Administrator show that the BES Application White List does not contain the application. This review should be performed at the same time checks WIR1310-01, WIR1310-02, and WIR1310-03 are reviewed so work is not duplicated. View the list of applications assigned to 3-4 samples Application White List software configurations assigned to users. Verify METAmessage is not listed. The METAmessage application allows the user to open and create Microsoft Office files, such as MS Word or Excel attachments or documents. These documents can then be sent via email, saved, or printed. This application presents a security risk and is not allowed for use in DoD. Verify this software application is not used by interviewing the ISSO or reviewing a sampling of the devices.

Fix Text

Remove Onset Technologies METAmessage software installed on DoD BlackBerry devices or on the BES.

Additional Identifiers

Rule ID: SV-12370r3_rule

Vulnerability ID: V-11870

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.