UCF STIG Viewer Logo

The BlackBerry Device Service server must provide the administrative functionality to specify a list of approved applications that must be installed on the mobile device and cannot be removed by the user.


Overview

Finding ID Version Rule ID IA Controls Severity
BBDS-00-000280 BBDS-00-000280 BBDS-00-000280_rule Medium
Description
DoD can perform due diligence on sources of software to mitigate the risk that malicious software is introduced to those sources. Therefore, if software is downloaded from a DoD approved source, then it is less likely to be malicious than if it is downloaded from an unapproved source. To prevent access to unapproved sources, the operating system in most cases can be configured to disable user access to public application stores. In some cases, some applications are required for secure operation of the mobile devices controlled by the MDM. In these cases, the ability for users to remove the application is needed as to ensure proper secure operations of the device.
STIG Date
BlackBerry Device Service 6.2 STIG 2013-05-03

Details

Check Text ( C-BBDS-00-000280_chk )
Review the BlackBerry Device Service server configuration to determine whether there is administrative functionality to specify a list of approved applications that must be installed on the mobile device and cannot be removed by the user. If this function is not present, this is a finding.

Application lists can be created for installation on the mobile devices. The applications can be identified as "Optional" or "Required". If an application is identified as "Required", it must be installed on the device, and cannot be removed by the user.

Create a software configuration:

1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Software.
2. Click Create a software configuration.
3. In the Configuration information section, in the Name field, type a name for the software configuration.
4. Click Save.


Add an app to a software configuration:

You must add an app to a software configuration to send the app to BlackBerry devices. If you want to upgrade an app, you must add the new version of the app to the appropriate software configuration.
1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Software.
2. Click Manage software configurations.
3. Click the software configuration that you want to add an app to.
4. Click Edit software configuration.
5. On the Applications tab, click Add applications to software configuration.
6. Search for the app that you want to add to the software configuration.
7. In the search results, select an app that you want to add to the software configuration.
8. For apps in the applications repository, in the Disposition drop-down list for the app, perform one of the following
actions:
* To install the app automatically on devices, and to prevent users from removing the app, select Required.
* To permit users to install and remove the app, and to add the app to the Work tab in the BlackBerry World
storefront, select Optional.
9. Repeat steps 6 to 8 for each app that you want to add to the software configuration.
10. Click Add to software configuration.
11. Click Save all.


See the "Managing app availability on devices" section of the BlackBerry Enterprise Service 10 BlackBerry Device Service Version: 6.2 Administration Guide for further details and other available options.
Fix Text (F-BBDS-00-000280_fix)
Configure the BlackBerry Device Service server so it has the administrative functionality to specify a list of approved applications that must be installed on the mobile device and cannot be removed by the user.