Title

If BlackBerry email auto signatures are used, the signature message must not disclose that the email originated from a BlackBerry or mobile device (e.g., “Sent From My Wireless Handheld”). (Cat III impact)

Discussion

The disclaimer message may give information which may key an attacker in on the device. This is primarily an OPSEC issue. This setting was directed by the USCYBERCOM.

Check Content

Check a sample of BlackBerry devices (use 2-3 devices as a random sample): - Open the BlackBerry email folder. - Highlight the date line at the top of the list of messages. - Click the Menu button. - Select Options, then Email Settings. - Check the contents of “Auto Signature” text box to verify compliance.

Fix Text

If BlackBerry email auto signatures are used, the signature message does not disclose that the email originated from a BlackBerry or mobile device (e.g., “Sent From My Wireless Handheld”).

Additional Identifiers

Rule ID: SV-12372r2_rule

Vulnerability ID: V-11872

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.