Check: BBDS-00-000275
Policy SRG:
BBDS-00-000275
(in version v1 r1)
Title
The BlackBerry Device Service server must configure the mobile device agent to prohibit the download of software from a DoD non-approved source (e.g., DoD operated mobile device application store or BlackBerry Device Service server). (Cat II impact)
Discussion
DoD can perform due diligence on sources of software to mitigate the risk that malicious software is introduced to those sources. Therefore, if software is downloaded from a DoD approved source, then it is less likely to be malicious than if it is downloaded from an unapproved source. To prevent access to unapproved sources, the operating system in most cases can be configured to disable user access to public application stores.
Check Content
Review the BlackBerry Device Service server configuration to ensure the BlackBerry Device Service server can configure the mobile device agent to prohibit the download of software from a DoD non-approved source (e.g., DoD operated mobile device application store or BlackBerry Device Service server). If this function is not present, this is a finding. The "Restrict Development Mode" rule prohibits mobile devices from downloading and installing applications from non-approved sources. IT policy rules can be specified per group or per user. To add an IT policy to a group: 1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Group. 2. Click Manage groups. 3. Click the name of the group. 4. Click Edit group. 5. Click the Policies tab. 6. In the IT policy list, select the IT policy. 7. Click Save all. To add an IT policy to a user account: 1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand User. 2. Click Manage users. 3. Search for a user account. 4. In the search results, select the check box for the user account. 5. In the Add to user configuration list, click Set IT policy. 6. In the IT policy drop-down list, select the IT policy. 7. Click Save. For more details and information, please see the "Setting up device controls" section of the BlackBerry Enterprise Service 10 BlackBerry Device Service, Version: 6.2 Administration Guide.
Fix Text
Configure the BlackBerry Device Service server so the mobile device agent is configured to prohibit the download of software from a DoD non-approved source (e.g., DoD operated mobile device application store or BlackBerry Device Service server).
Additional Identifiers
Rule ID:
Vulnerability ID: BBDS-00-000275
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000370 |
The organization employs automated mechanisms to centrally manage configuration settings for organization-defined information system components. |
Controls
Number | Title |
---|---|
CM-6 (1) |
Automated Central Management / Application / Verification |