kriterion 0.0.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (564) hide show
  1. checksums.yaml +7 -0
  2. data/.gitignore +2 -0
  3. data/.ruby-version +1 -0
  4. data/.travis.yml +5 -0
  5. data/Dockerfile +18 -0
  6. data/Gemfile +12 -0
  7. data/Gemfile.lock +62 -0
  8. data/LICENSE.txt +21 -0
  9. data/README.md +58 -0
  10. data/Rakefile +6 -0
  11. data/bin/setup +8 -0
  12. data/bin/update_stigs.rb +42 -0
  13. data/criterion.gemspec +31 -0
  14. data/docker-compose.yml +14 -0
  15. data/exe/kriterion +16 -0
  16. data/lib/kriterion.rb +16 -0
  17. data/lib/kriterion/api.rb +27 -0
  18. data/lib/kriterion/backend.rb +13 -0
  19. data/lib/kriterion/backend/mongodb.rb +235 -0
  20. data/lib/kriterion/cli.rb +28 -0
  21. data/lib/kriterion/cli/api.rb +35 -0
  22. data/lib/kriterion/cli/worker.rb +35 -0
  23. data/lib/kriterion/event.rb +36 -0
  24. data/lib/kriterion/item.rb +42 -0
  25. data/lib/kriterion/logs.rb +14 -0
  26. data/lib/kriterion/metrics.rb +22 -0
  27. data/lib/kriterion/object.rb +50 -0
  28. data/lib/kriterion/report.rb +69 -0
  29. data/lib/kriterion/resource.rb +60 -0
  30. data/lib/kriterion/section.rb +32 -0
  31. data/lib/kriterion/standard.rb +65 -0
  32. data/lib/kriterion/version.rb +3 -0
  33. data/lib/kriterion/worker.rb +280 -0
  34. data/standards/cis_red_hat_enterprise_linux_7.json +34 -0
  35. data/standards/stig_a10_networks_adc_alg.json +209 -0
  36. data/standards/stig_a10_networks_adc_ndm.json +233 -0
  37. data/standards/stig_active_directory_domain.json +257 -0
  38. data/standards/stig_active_directory_forest.json +41 -0
  39. data/standards/stig_active_directory_service_2003.json +173 -0
  40. data/standards/stig_active_directory_service_2008.json +167 -0
  41. data/standards/stig_adobe_acrobat_pro_xi.json +167 -0
  42. data/standards/stig_adobe_acrobat_reader_dc_classic_track.json +179 -0
  43. data/standards/stig_adobe_acrobat_reader_dc_continuous_track.json +179 -0
  44. data/standards/stig_adobe_coldfusion_11.json +611 -0
  45. data/standards/stig_airwatch_mdm.json +185 -0
  46. data/standards/stig_aix_5.3.json +3095 -0
  47. data/standards/stig_aix_6.1.json +3047 -0
  48. data/standards/stig_akamai_ksd_service_impact_level_2_alg.json +209 -0
  49. data/standards/stig_akamai_ksd_service_impact_level_2_ndm.json +155 -0
  50. data/standards/stig_android_2.2_dell.json +311 -0
  51. data/standards/stig_apache_2.2_serverwindows.json +347 -0
  52. data/standards/stig_apache_2.2_sitewindows_security_implementation_guide.json +179 -0
  53. data/standards/stig_apache_server_2.0unix.json +341 -0
  54. data/standards/stig_apache_server_2.0windows.json +341 -0
  55. data/standards/stig_apache_server_2.2unix.json +347 -0
  56. data/standards/stig_apache_server_2.2windows.json +347 -0
  57. data/standards/stig_apache_site_2.0unix.json +185 -0
  58. data/standards/stig_apache_site_2.0windows.json +179 -0
  59. data/standards/stig_apache_site_2.2unix.json +185 -0
  60. data/standards/stig_apache_site_2.2windows.json +179 -0
  61. data/standards/stig_apple_ios6.json +341 -0
  62. data/standards/stig_apple_ios_10.json +245 -0
  63. data/standards/stig_apple_ios_11.json +269 -0
  64. data/standards/stig_apple_ios_4_good_mobility_suite_interim_security_configuration_guide_iscg.json +257 -0
  65. data/standards/stig_apple_ios_5.json +329 -0
  66. data/standards/stig_apple_ios_6.json +335 -0
  67. data/standards/stig_apple_ios_6_interim_security_configuration_guide_iscg.json +371 -0
  68. data/standards/stig_apple_ios_7.json +185 -0
  69. data/standards/stig_apple_ios_8_interim_security_configuration_guide.json +251 -0
  70. data/standards/stig_apple_ios_9_interim_security_configuration_guide.json +245 -0
  71. data/standards/stig_apple_os_x_10.10_yosemite_workstation.json +851 -0
  72. data/standards/stig_apple_os_x_10.11.json +725 -0
  73. data/standards/stig_apple_os_x_10.12.json +737 -0
  74. data/standards/stig_apple_os_x_10.8_mountain_lion_workstation.json +1241 -0
  75. data/standards/stig_apple_os_x_10.9_mavericks_workstation.json +809 -0
  76. data/standards/stig_application_layer_gateway_alg_security_requirements_guide_srg.json +911 -0
  77. data/standards/stig_application_layer_gateway_security_requirements_guide.json +911 -0
  78. data/standards/stig_application_security_and_development.json +1745 -0
  79. data/standards/stig_application_security_and_development_checklist.json +959 -0
  80. data/standards/stig_application_security_requirements_guide.json +1961 -0
  81. data/standards/stig_application_server_security_requirements_guide.json +791 -0
  82. data/standards/stig_arcgisserver_10.3.json +143 -0
  83. data/standards/stig_arista_mls_dcs-7000_series_l2s.json +53 -0
  84. data/standards/stig_arista_mls_dcs-7000_series_ndm.json +197 -0
  85. data/standards/stig_arista_mls_dcs-7000_series_rtr.json +143 -0
  86. data/standards/stig_bind_9.x.json +431 -0
  87. data/standards/stig_bind_dns.json +317 -0
  88. data/standards/stig_blackberry_10.2.x_os.json +179 -0
  89. data/standards/stig_blackberry_10_os.json +227 -0
  90. data/standards/stig_blackberry_bes_12.3.x_mdm.json +65 -0
  91. data/standards/stig_blackberry_bes_12.5.x_mdm.json +65 -0
  92. data/standards/stig_blackberry_device_service_6.2.json +425 -0
  93. data/standards/stig_blackberry_enterprise_mobility_server_2.x.json +149 -0
  94. data/standards/stig_blackberry_enterprise_server,_part_1.json +35 -0
  95. data/standards/stig_blackberry_enterprise_server,_part_2.json +155 -0
  96. data/standards/stig_blackberry_enterprise_server,_part_3.json +647 -0
  97. data/standards/stig_blackberry_enterprise_server_version_5.x,_part_1.json +35 -0
  98. data/standards/stig_blackberry_enterprise_server_version_5.x,_part_2.json +155 -0
  99. data/standards/stig_blackberry_enterprise_server_version_5.x,_part_3.json +653 -0
  100. data/standards/stig_blackberry_enterprise_service_v10.1.x_blackberry_device_service.json +317 -0
  101. data/standards/stig_blackberry_enterprise_service_v10.2.x_blackberry_device_service.json +263 -0
  102. data/standards/stig_blackberry_handheld_device.json +125 -0
  103. data/standards/stig_blackberry_os_10.3.x.json +257 -0
  104. data/standards/stig_blackberry_os_7.x.json +107 -0
  105. data/standards/stig_blackberry_os_7.x.x.json +101 -0
  106. data/standards/stig_blackberry_os_version_5-7.json +107 -0
  107. data/standards/stig_blackberry_playbook.json +65 -0
  108. data/standards/stig_blackberry_playbook_os_nea_mode.json +65 -0
  109. data/standards/stig_blackberry_playbook_os_v2.1.json +197 -0
  110. data/standards/stig_blackberry_uem_12.7.json +59 -0
  111. data/standards/stig_bluetoothzigbee.json +35 -0
  112. data/standards/stig_ca_api_gateway_alg.json +497 -0
  113. data/standards/stig_cisco_css_dns.json +71 -0
  114. data/standards/stig_cisco_ios_xe_release_3_ndm.json +395 -0
  115. data/standards/stig_cisco_ios_xe_release_3_rtr.json +149 -0
  116. data/standards/stig_cmd_management_server_policy.json +53 -0
  117. data/standards/stig_commercial_mobile_device_cmd_policy.json +83 -0
  118. data/standards/stig_csfc_campus_wlan_policy_security_implementation_guide.json +95 -0
  119. data/standards/stig_database_security_requirements_guide.json +767 -0
  120. data/standards/stig_dbn-6300_idps.json +107 -0
  121. data/standards/stig_dbn-6300_ndm.json +359 -0
  122. data/standards/stig_defense_switched_network.json +683 -0
  123. data/standards/stig_defense_switched_network_dsn.json +653 -0
  124. data/standards/stig_desktop_applications_general.json +41 -0
  125. data/standards/stig_dns_policy.json +155 -0
  126. data/standards/stig_domain_name_system_dns_security_requirements_guide.json +599 -0
  127. data/standards/stig_draft_aix.json +3503 -0
  128. data/standards/stig_edb_postgres_advanced_server.json +665 -0
  129. data/standards/stig_email_services_policy.json +137 -0
  130. data/standards/stig_exchange_2010_client_access_server.json +179 -0
  131. data/standards/stig_exchange_2010_edge_transport_server.json +389 -0
  132. data/standards/stig_exchange_2010_hub_transport_server.json +269 -0
  133. data/standards/stig_exchange_2010_mailbox_server.json +209 -0
  134. data/standards/stig_f5_big-ip_access_policy_manager_11.x.json +149 -0
  135. data/standards/stig_f5_big-ip_advanced_firewall_manager_11.x.json +41 -0
  136. data/standards/stig_f5_big-ip_application_security_manager_11.x.json +89 -0
  137. data/standards/stig_f5_big-ip_device_management_11.x.json +467 -0
  138. data/standards/stig_f5_big-ip_local_traffic_manager_11.x.json +407 -0
  139. data/standards/stig_final_draft_general_wireless_policy.json +71 -0
  140. data/standards/stig_firewall.json +449 -0
  141. data/standards/stig_firewall_-_cisco.json +449 -0
  142. data/standards/stig_firewall_security_requirements_guide.json +257 -0
  143. data/standards/stig_forescout_counteract_alg.json +83 -0
  144. data/standards/stig_forescout_counteract_ndm.json +239 -0
  145. data/standards/stig_free_space_optics_device.json +143 -0
  146. data/standards/stig_general_mobile_device_policy_non-enterprise_activated.json +113 -0
  147. data/standards/stig_general_mobile_device_technical_non-enterprise_activated.json +59 -0
  148. data/standards/stig_general_purpose_operating_system_srg.json +1199 -0
  149. data/standards/stig_general_wireless_policy.json +71 -0
  150. data/standards/stig_good_mobility_suite_server_android_os.json +203 -0
  151. data/standards/stig_good_mobility_suite_server_apple_ios_4_interim_security_configuration_guide_iscg.json +209 -0
  152. data/standards/stig_good_mobility_suite_server_windows_phone_6.5.json +449 -0
  153. data/standards/stig_goodenterprise_8.x.json +401 -0
  154. data/standards/stig_google_chrome_browser.json +209 -0
  155. data/standards/stig_google_chrome_current_windows.json +215 -0
  156. data/standards/stig_google_chrome_draft.json +281 -0
  157. data/standards/stig_google_chrome_v23_windows.json +275 -0
  158. data/standards/stig_google_chrome_v24_windows.json +263 -0
  159. data/standards/stig_google_chrome_v24_windows_benchmark.json +227 -0
  160. data/standards/stig_google_search_appliance.json +209 -0
  161. data/standards/stig_harris_secnet_11_54.json +89 -0
  162. data/standards/stig_hp-ux_11.23.json +3215 -0
  163. data/standards/stig_hp-ux_11.31.json +3155 -0
  164. data/standards/stig_hp-ux_smse.json +431 -0
  165. data/standards/stig_hpe_3par_storeserv_3.2.x.json +131 -0
  166. data/standards/stig_ibm_datapower_alg.json +401 -0
  167. data/standards/stig_ibm_datapower_network_device_management.json +395 -0
  168. data/standards/stig_ibm_db2_v10.5_luw.json +575 -0
  169. data/standards/stig_ibm_hardware_management_console_hmc.json +221 -0
  170. data/standards/stig_ibm_hardware_management_console_hmc_policies.json +35 -0
  171. data/standards/stig_ibm_maas360_v2.3.x_mdm.json +59 -0
  172. data/standards/stig_ibm_zvm_using_ca_vm:secure.json +473 -0
  173. data/standards/stig_idps_security_requirements_guide_srg.json +1865 -0
  174. data/standards/stig_idsips.json +257 -0
  175. data/standards/stig_iis6_server.json +221 -0
  176. data/standards/stig_iis6_site.json +263 -0
  177. data/standards/stig_iis_7.0_web_server.json +155 -0
  178. data/standards/stig_iis_7.0_web_site.json +299 -0
  179. data/standards/stig_iis_8.5_server.json +293 -0
  180. data/standards/stig_iis_8.5_site.json +347 -0
  181. data/standards/stig_infoblox_7.x_dns.json +419 -0
  182. data/standards/stig_infrastructure_l3_switch.json +599 -0
  183. data/standards/stig_infrastructure_l3_switch_-_cisco.json +659 -0
  184. data/standards/stig_infrastructure_l3_switch_secure_technical_implementation_guide_-_cisco.json +659 -0
  185. data/standards/stig_infrastructure_router.json +479 -0
  186. data/standards/stig_infrastructure_router_-_cisco.json +539 -0
  187. data/standards/stig_infrastructure_router_-_juniper.json +485 -0
  188. data/standards/stig_infrastructure_router__cisco.json +539 -0
  189. data/standards/stig_infrastructure_router__juniper.json +485 -0
  190. data/standards/stig_internet_explorer_8.json +821 -0
  191. data/standards/stig_internet_explorer_9.json +815 -0
  192. data/standards/stig_intrusion_detection_and_prevention_systems_idps_security_requirements_guide.json +371 -0
  193. data/standards/stig_ipsec_vpn_gateway.json +521 -0
  194. data/standards/stig_java_runtime_environment_jre_6_unix.json +65 -0
  195. data/standards/stig_java_runtime_environment_jre_6_win7.json +65 -0
  196. data/standards/stig_java_runtime_environment_jre_6_windows_xp.json +77 -0
  197. data/standards/stig_java_runtime_environment_jre_6_winxp.json +65 -0
  198. data/standards/stig_java_runtime_environment_jre_7_unix.json +65 -0
  199. data/standards/stig_java_runtime_environment_jre_7_win7.json +65 -0
  200. data/standards/stig_java_runtime_environment_jre_7_winxp.json +65 -0
  201. data/standards/stig_java_runtime_environment_jre_version_6_unix.json +77 -0
  202. data/standards/stig_java_runtime_environment_jre_version_6_windows_7.json +77 -0
  203. data/standards/stig_java_runtime_environment_jre_version_6_windows_xp.json +65 -0
  204. data/standards/stig_java_runtime_environment_jre_version_7_unix.json +77 -0
  205. data/standards/stig_java_runtime_environment_jre_version_7_windows_7.json +77 -0
  206. data/standards/stig_java_runtime_environment_jre_version_7_winxp.json +77 -0
  207. data/standards/stig_java_runtime_environment_jre_version_8_unix.json +107 -0
  208. data/standards/stig_java_runtime_environment_jre_version_8_windows.json +107 -0
  209. data/standards/stig_jboss_eap_6.3.json +413 -0
  210. data/standards/stig_juniper_srx_sg_alg.json +155 -0
  211. data/standards/stig_juniper_srx_sg_idps.json +179 -0
  212. data/standards/stig_juniper_srx_sg_ndm.json +443 -0
  213. data/standards/stig_juniper_srx_sg_vpn.json +185 -0
  214. data/standards/stig_keyboard_video_and_mouse_switch.json +269 -0
  215. data/standards/stig_l3_kov-26_talon_wireless_role.json +77 -0
  216. data/standards/stig_layer_2_switch.json +347 -0
  217. data/standards/stig_layer_2_switch_-_cisco.json +365 -0
  218. data/standards/stig_lg_android_5.x_interim_security_configuration_guide.json +245 -0
  219. data/standards/stig_lg_android_6.x.json +281 -0
  220. data/standards/stig_mac_osx_10.6_workstation.json +1319 -0
  221. data/standards/stig_mac_osx_10.6_workstation_draft.json +1319 -0
  222. data/standards/stig_mainframe_product_security_requirements_guide.json +1115 -0
  223. data/standards/stig_mcafee_application_control_7.x.json +203 -0
  224. data/standards/stig_mcafee_move_2.63.6.1_multi-platform_client.json +149 -0
  225. data/standards/stig_mcafee_move_2.63.6.1_multi-platform_oss.json +101 -0
  226. data/standards/stig_mcafee_move_2.6_multi-platform_client.json +149 -0
  227. data/standards/stig_mcafee_move_2.6_multi-platform_oss.json +101 -0
  228. data/standards/stig_mcafee_move_3.6.1_multi-platform_client.json +149 -0
  229. data/standards/stig_mcafee_move_3.6.1_multi-platform_oss.json +101 -0
  230. data/standards/stig_mcafee_move_agentless_3.03.6.1_security_virtual_appliance.json +167 -0
  231. data/standards/stig_mcafee_move_agentless_3.0_security_virtual_appliance.json +167 -0
  232. data/standards/stig_mcafee_move_agentless_3.0_vsel_1.9sva.json +203 -0
  233. data/standards/stig_mcafee_move_agentless_3.6.1_security_virtual_appliance.json +167 -0
  234. data/standards/stig_mcafee_move_av_agentless_4.5.json +155 -0
  235. data/standards/stig_mcafee_move_av_multi-platform_4.5.json +215 -0
  236. data/standards/stig_mcafee_virusscan_8.8_local_client.json +533 -0
  237. data/standards/stig_mcafee_virusscan_8.8_managed_client.json +533 -0
  238. data/standards/stig_mcafee_vsel_1.92.0_local_client.json +245 -0
  239. data/standards/stig_mcafee_vsel_1.92.0_managed_client.json +239 -0
  240. data/standards/stig_mdm_server_policy.json +47 -0
  241. data/standards/stig_microsoft_access_2003.json +47 -0
  242. data/standards/stig_microsoft_access_2007.json +77 -0
  243. data/standards/stig_microsoft_access_2010.json +119 -0
  244. data/standards/stig_microsoft_access_2013.json +113 -0
  245. data/standards/stig_microsoft_access_2016.json +107 -0
  246. data/standards/stig_microsoft_dot_net_framework_4.0.json +101 -0
  247. data/standards/stig_microsoft_excel_2003.json +47 -0
  248. data/standards/stig_microsoft_excel_2007.json +155 -0
  249. data/standards/stig_microsoft_excel_2010.json +287 -0
  250. data/standards/stig_microsoft_excel_2013.json +293 -0
  251. data/standards/stig_microsoft_excel_2016.json +257 -0
  252. data/standards/stig_microsoft_exchange_2010_client_access_server_role.json +71 -0
  253. data/standards/stig_microsoft_exchange_2010_core_server.json +47 -0
  254. data/standards/stig_microsoft_exchange_2010_edge_transport_server_role.json +233 -0
  255. data/standards/stig_microsoft_exchange_2010_hub_transport_server_role.json +125 -0
  256. data/standards/stig_microsoft_exchange_2010_mailbox_server_role.json +107 -0
  257. data/standards/stig_microsoft_exchange_server_2003.json +647 -0
  258. data/standards/stig_microsoft_groove_2013.json +71 -0
  259. data/standards/stig_microsoft_ie_version_6.json +599 -0
  260. data/standards/stig_microsoft_ie_version_7.json +749 -0
  261. data/standards/stig_microsoft_infopath_2003.json +41 -0
  262. data/standards/stig_microsoft_infopath_2007.json +167 -0
  263. data/standards/stig_microsoft_infopath_2010.json +155 -0
  264. data/standards/stig_microsoft_infopath_2013.json +149 -0
  265. data/standards/stig_microsoft_internet_explorer_10.json +857 -0
  266. data/standards/stig_microsoft_internet_explorer_11.json +839 -0
  267. data/standards/stig_microsoft_internet_explorer_9.json +821 -0
  268. data/standards/stig_microsoft_lync_2013.json +29 -0
  269. data/standards/stig_microsoft_office_system_2007.json +221 -0
  270. data/standards/stig_microsoft_office_system_2010.json +233 -0
  271. data/standards/stig_microsoft_office_system_2013.json +293 -0
  272. data/standards/stig_microsoft_office_system_2016.json +131 -0
  273. data/standards/stig_microsoft_onedrivebusiness_2016.json +89 -0
  274. data/standards/stig_microsoft_onenote_2010.json +77 -0
  275. data/standards/stig_microsoft_onenote_2013.json +71 -0
  276. data/standards/stig_microsoft_onenote_2016.json +71 -0
  277. data/standards/stig_microsoft_outlook_2003.json +65 -0
  278. data/standards/stig_microsoft_outlook_2007.json +479 -0
  279. data/standards/stig_microsoft_outlook_2010.json +515 -0
  280. data/standards/stig_microsoft_outlook_2013.json +497 -0
  281. data/standards/stig_microsoft_outlook_2016.json +359 -0
  282. data/standards/stig_microsoft_powerpoint_2003.json +47 -0
  283. data/standards/stig_microsoft_powerpoint_2007.json +131 -0
  284. data/standards/stig_microsoft_powerpoint_2010.json +191 -0
  285. data/standards/stig_microsoft_powerpoint_2013.json +251 -0
  286. data/standards/stig_microsoft_powerpoint_2016.json +233 -0
  287. data/standards/stig_microsoft_project_2010.json +83 -0
  288. data/standards/stig_microsoft_project_2013.json +95 -0
  289. data/standards/stig_microsoft_project_2016.json +95 -0
  290. data/standards/stig_microsoft_publisher_2010.json +107 -0
  291. data/standards/stig_microsoft_publisher_2013.json +101 -0
  292. data/standards/stig_microsoft_publisher_2016.json +101 -0
  293. data/standards/stig_microsoft_sharepoint_designer_2013.json +71 -0
  294. data/standards/stig_microsoft_skypebusiness_2016.json +29 -0
  295. data/standards/stig_microsoft_sql_server_2005_database.json +167 -0
  296. data/standards/stig_microsoft_sql_server_2005_instance.json +1001 -0
  297. data/standards/stig_microsoft_sql_server_2012_database.json +179 -0
  298. data/standards/stig_microsoft_sql_server_2012_database_instance.json +929 -0
  299. data/standards/stig_microsoft_visio_2013.json +89 -0
  300. data/standards/stig_microsoft_visio_2016.json +89 -0
  301. data/standards/stig_microsoft_windows_10_mobile.json +215 -0
  302. data/standards/stig_microsoft_windows_2008_server_domain_name_system.json +269 -0
  303. data/standards/stig_microsoft_windows_2012_server_domain_name_system.json +551 -0
  304. data/standards/stig_microsoft_windows_phone_8.1.json +161 -0
  305. data/standards/stig_microsoft_windows_server_2012_domain_controller.json +2633 -0
  306. data/standards/stig_microsoft_windows_server_2012_member_server.json +2411 -0
  307. data/standards/stig_microsoft_word_2003.json +47 -0
  308. data/standards/stig_microsoft_word_2007.json +119 -0
  309. data/standards/stig_microsoft_word_2010.json +221 -0
  310. data/standards/stig_microsoft_word_2013.json +221 -0
  311. data/standards/stig_microsoft_word_2016.json +215 -0
  312. data/standards/stig_mobile_application_management_mam_server.json +95 -0
  313. data/standards/stig_mobile_application_security_requirements_guide.json +233 -0
  314. data/standards/stig_mobile_device_integrity_scanning_mdis_server.json +119 -0
  315. data/standards/stig_mobile_device_management_mdm_server.json +125 -0
  316. data/standards/stig_mobile_device_manager_security_requirements_guide.json +2555 -0
  317. data/standards/stig_mobile_email_management_mem_server.json +197 -0
  318. data/standards/stig_mobile_operating_system_security_requirements_guide.json +1943 -0
  319. data/standards/stig_mobile_policy.json +35 -0
  320. data/standards/stig_mobile_policy_security_requirements_guide.json +437 -0
  321. data/standards/stig_mobileiron_core_v9.x_mdm.json +89 -0
  322. data/standards/stig_mobility_policy.json +65 -0
  323. data/standards/stig_mozilla_firefox.json +161 -0
  324. data/standards/stig_ms_exchange_2013_client_access_server.json +209 -0
  325. data/standards/stig_ms_exchange_2013_edge_transport_server.json +443 -0
  326. data/standards/stig_ms_exchange_2013_mailbox_server.json +437 -0
  327. data/standards/stig_ms_sharepoint_2010.json +269 -0
  328. data/standards/stig_ms_sharepoint_2013.json +245 -0
  329. data/standards/stig_ms_sharepoint_designer_2013.json +71 -0
  330. data/standards/stig_ms_sql_server_2014_database.json +263 -0
  331. data/standards/stig_ms_sql_server_2014_instance.json +575 -0
  332. data/standards/stig_ms_sql_server_2016_database.json +185 -0
  333. data/standards/stig_ms_sql_server_2016_instance.json +731 -0
  334. data/standards/stig_ms_windows_defender_antivirus.json +257 -0
  335. data/standards/stig_multifunction_device_and_network_printers.json +131 -0
  336. data/standards/stig_network_device_management_security_requirements_guide.json +863 -0
  337. data/standards/stig_network_devices.json +389 -0
  338. data/standards/stig_network_infrastructure_policy.json +455 -0
  339. data/standards/stig_network_security_requirements_guide.json +1961 -0
  340. data/standards/stig_operating_system_security_requirements_guide.json +1961 -0
  341. data/standards/stig_oracle_10_database_installation.json +527 -0
  342. data/standards/stig_oracle_10_database_instance.json +569 -0
  343. data/standards/stig_oracle_11_database_installation.json +527 -0
  344. data/standards/stig_oracle_11_database_instance.json +551 -0
  345. data/standards/stig_oracle_database_10g_installation.json +527 -0
  346. data/standards/stig_oracle_database_10g_instance.json +581 -0
  347. data/standards/stig_oracle_database_11.2g.json +1229 -0
  348. data/standards/stig_oracle_database_11g_installation.json +527 -0
  349. data/standards/stig_oracle_database_11g_instance.json +575 -0
  350. data/standards/stig_oracle_database_12c.json +1217 -0
  351. data/standards/stig_oracle_http_server_12.1.3.json +1703 -0
  352. data/standards/stig_oracle_linux_5.json +3431 -0
  353. data/standards/stig_oracle_linux_6.json +1583 -0
  354. data/standards/stig_oracle_weblogic_server_12c.json +443 -0
  355. data/standards/stig_palo_alto_networks_alg.json +311 -0
  356. data/standards/stig_palo_alto_networks_idps.json +185 -0
  357. data/standards/stig_palo_alto_networks_ndm.json +251 -0
  358. data/standards/stig_pda.json +83 -0
  359. data/standards/stig_pdasmartphone.json +95 -0
  360. data/standards/stig_perimeter_l3_switch.json +923 -0
  361. data/standards/stig_perimeter_l3_switch_-_cisco.json +1001 -0
  362. data/standards/stig_perimeter_router.json +803 -0
  363. data/standards/stig_perimeter_router_cisco.json +881 -0
  364. data/standards/stig_perimeter_router_juniper.json +803 -0
  365. data/standards/stig_postgresql_9.x.json +677 -0
  366. data/standards/stig_red_hat_enterprise_linux_5.json +3437 -0
  367. data/standards/stig_red_hat_enterprise_linux_6.json +1565 -0
  368. data/standards/stig_red_hat_enterprise_linux_7.json +1451 -0
  369. data/standards/stig_remote_access_policy.json +317 -0
  370. data/standards/stig_removable_storage_and_external_connection_technologies.json +143 -0
  371. data/standards/stig_removable_storage_and_external_connections.json +137 -0
  372. data/standards/stig_rfid_scanner.json +35 -0
  373. data/standards/stig_rfid_workstation.json +23 -0
  374. data/standards/stig_riverbed_steelhead_cx_v8_alg.json +83 -0
  375. data/standards/stig_riverbed_steelhead_cx_v8_ndm.json +371 -0
  376. data/standards/stig_router_security_requirements_guide.json +575 -0
  377. data/standards/stig_samsung_android_os_5_with_knox_2.0.json +365 -0
  378. data/standards/stig_samsung_android_os_6_with_knox_2.x.json +377 -0
  379. data/standards/stig_samsung_android_os_7_with_knox_2.x.json +443 -0
  380. data/standards/stig_samsung_android_with_knox_1.x.json +293 -0
  381. data/standards/stig_samsung_android_with_knox_2.x.json +371 -0
  382. data/standards/stig_samsung_knox_android_1.0.json +167 -0
  383. data/standards/stig_sharepoint_2010.json +269 -0
  384. data/standards/stig_sharepoint_2013.json +245 -0
  385. data/standards/stig_smartphone_policy.json +131 -0
  386. data/standards/stig_solaris_10_sparc.json +3029 -0
  387. data/standards/stig_solaris_10_x86.json +3065 -0
  388. data/standards/stig_solaris_11_sparc.json +1427 -0
  389. data/standards/stig_solaris_11_x86.json +1421 -0
  390. data/standards/stig_solaris_9_sparc.json +2915 -0
  391. data/standards/stig_solaris_9_x86.json +2915 -0
  392. data/standards/stig_sun_ray_4.json +185 -0
  393. data/standards/stig_sun_ray_4_policy.json +77 -0
  394. data/standards/stig_suse_linux_enterprise_server_v11system_z.json +3311 -0
  395. data/standards/stig_symantec_endpoint_protection_12.1_local_client_antivirus.json +689 -0
  396. data/standards/stig_symantec_endpoint_protection_12.1_managed_client_antivirus.json +695 -0
  397. data/standards/stig_tanium_6.5.json +461 -0
  398. data/standards/stig_tanium_7.0.json +803 -0
  399. data/standards/stig_test_and_development_zone_a.json +167 -0
  400. data/standards/stig_test_and_development_zone_b.json +179 -0
  401. data/standards/stig_test_and_development_zone_c.json +143 -0
  402. data/standards/stig_test_and_development_zone_d.json +143 -0
  403. data/standards/stig_traditional_security.json +917 -0
  404. data/standards/stig_unix_srg.json +3287 -0
  405. data/standards/stig_video_services_policy.json +497 -0
  406. data/standards/stig_video_teleconference.json +47 -0
  407. data/standards/stig_video_teleconference_vtc.json +12 -0
  408. data/standards/stig_vmware_esx_3_policy.json +155 -0
  409. data/standards/stig_vmware_esx_3_server.json +3791 -0
  410. data/standards/stig_vmware_esx_3_virtual_center.json +257 -0
  411. data/standards/stig_vmware_esx_3_virtual_machine.json +53 -0
  412. data/standards/stig_vmware_esxi_server_5.0.json +809 -0
  413. data/standards/stig_vmware_esxi_v5.json +5177 -0
  414. data/standards/stig_vmware_esxi_version_5_virtual_machine.json +317 -0
  415. data/standards/stig_vmware_nsx_distributed_firewall.json +83 -0
  416. data/standards/stig_vmware_nsx_distributed_logical_router.json +35 -0
  417. data/standards/stig_vmware_nsx_manager.json +191 -0
  418. data/standards/stig_vmware_vcenter_server.json +179 -0
  419. data/standards/stig_vmware_vcenter_server_version_5.json +149 -0
  420. data/standards/stig_vmware_vsphere_esxi_6.0.json +659 -0
  421. data/standards/stig_vmware_vsphere_vcenter_server_version_6.json +311 -0
  422. data/standards/stig_vmware_vsphere_virtual_machine_version_6.json +269 -0
  423. data/standards/stig_voice_and_video_over_internet_protocol_vvoip_policy.json +407 -0
  424. data/standards/stig_voice_video_endpoint_security_requirements_guide.json +395 -0
  425. data/standards/stig_voice_video_services_policy.json +671 -0
  426. data/standards/stig_voice_video_session_management_security_requirements_guide.json +329 -0
  427. data/standards/stig_voicevideo_over_internet_protocol.json +419 -0
  428. data/standards/stig_voicevideo_over_internet_protocol_vvoip.json +263 -0
  429. data/standards/stig_voicevideo_services_policy.json +569 -0
  430. data/standards/stig_web_policy.json +95 -0
  431. data/standards/stig_web_server.json +317 -0
  432. data/standards/stig_web_server_security_requirements_guide.json +587 -0
  433. data/standards/stig_win2k3_audit.json +761 -0
  434. data/standards/stig_win2k8_audit.json +1085 -0
  435. data/standards/stig_win2k8_r2_audit.json +1637 -0
  436. data/standards/stig_win7_audit.json +1613 -0
  437. data/standards/stig_windows_10.json +1691 -0
  438. data/standards/stig_windows_2003_domain_controller.json +893 -0
  439. data/standards/stig_windows_2003_member_server.json +845 -0
  440. data/standards/stig_windows_2008_domain_controller.json +1475 -0
  441. data/standards/stig_windows_2008_member_server.json +1301 -0
  442. data/standards/stig_windows_7.json +1781 -0
  443. data/standards/stig_windows_8.json +2399 -0
  444. data/standards/stig_windows_88.1.json +2273 -0
  445. data/standards/stig_windows_8_8.1.json +2297 -0
  446. data/standards/stig_windows_defender_antivirus.json +239 -0
  447. data/standards/stig_windows_dns.json +185 -0
  448. data/standards/stig_windows_firewall_with_advanced_security.json +137 -0
  449. data/standards/stig_windows_paw.json +155 -0
  450. data/standards/stig_windows_phone_6.5_with_good_mobility_suite.json +65 -0
  451. data/standards/stig_windows_server_2008_r2_domain_controller.json +1961 -0
  452. data/standards/stig_windows_server_2008_r2_member_server.json +1745 -0
  453. data/standards/stig_windows_server_20122012_r2_domain_controller.json +2255 -0
  454. data/standards/stig_windows_server_20122012_r2_member_server.json +2045 -0
  455. data/standards/stig_windows_server_2012_2012_r2_domain_controller.json +2279 -0
  456. data/standards/stig_windows_server_2012_2012_r2_member_server.json +2075 -0
  457. data/standards/stig_windows_server_2012_domain_controller.json +2471 -0
  458. data/standards/stig_windows_server_2012_member_server.json +2249 -0
  459. data/standards/stig_windows_server_2016.json +1661 -0
  460. data/standards/stig_windows_vista.json +1517 -0
  461. data/standards/stig_windows_xp.json +893 -0
  462. data/standards/stig_wireless_keyboard_and_mouse.json +23 -0
  463. data/standards/stig_wireless_management_server_policy.json +53 -0
  464. data/standards/stig_wireless_remote_access_policy_security_implementation_guide.json +29 -0
  465. data/standards/stig_wlan_access_point_enclave-niprnet_connected.json +227 -0
  466. data/standards/stig_wlan_access_point_internet_gateway_only_connection.json +209 -0
  467. data/standards/stig_wlan_access_point_policy.json +17 -0
  468. data/standards/stig_wlan_authentication_server.json +29 -0
  469. data/standards/stig_wlan_bridge.json +209 -0
  470. data/standards/stig_wlan_client.json +65 -0
  471. data/standards/stig_wlan_controller.json +215 -0
  472. data/standards/stig_wlan_ids_sensorserver.json +23 -0
  473. data/standards/stig_wman_access_point.json +263 -0
  474. data/standards/stig_wman_bridge.json +209 -0
  475. data/standards/stig_wman_subscriber.json +65 -0
  476. data/standards/stig_zos_acf2.json +1451 -0
  477. data/standards/stig_zos_bmc_control-dacf2.json +53 -0
  478. data/standards/stig_zos_bmc_control-dracf.json +59 -0
  479. data/standards/stig_zos_bmc_control-dtss.json +65 -0
  480. data/standards/stig_zos_bmc_control-macf2.json +59 -0
  481. data/standards/stig_zos_bmc_control-mracf.json +65 -0
  482. data/standards/stig_zos_bmc_control-mrestartacf2.json +23 -0
  483. data/standards/stig_zos_bmc_control-mrestartracf.json +23 -0
  484. data/standards/stig_zos_bmc_control-mrestarttss.json +23 -0
  485. data/standards/stig_zos_bmc_control-mtss.json +71 -0
  486. data/standards/stig_zos_bmc_control-oacf2.json +53 -0
  487. data/standards/stig_zos_bmc_control-oracf.json +59 -0
  488. data/standards/stig_zos_bmc_control-otss.json +65 -0
  489. data/standards/stig_zos_bmc_ioaacf2.json +53 -0
  490. data/standards/stig_zos_bmc_ioaracf.json +59 -0
  491. data/standards/stig_zos_bmc_ioatss.json +65 -0
  492. data/standards/stig_zos_bmc_mainviewzosacf2.json +47 -0
  493. data/standards/stig_zos_bmc_mainviewzosracf.json +53 -0
  494. data/standards/stig_zos_bmc_mainviewzostss.json +59 -0
  495. data/standards/stig_zos_ca_1_tape_managementacf2.json +65 -0
  496. data/standards/stig_zos_ca_1_tape_managementracf.json +77 -0
  497. data/standards/stig_zos_ca_1_tape_managementtss.json +77 -0
  498. data/standards/stig_zos_ca_auditoracf2.json +29 -0
  499. data/standards/stig_zos_ca_auditorracf.json +29 -0
  500. data/standards/stig_zos_ca_auditortss.json +29 -0
  501. data/standards/stig_zos_ca_common_servicesacf2.json +23 -0
  502. data/standards/stig_zos_ca_common_servicesracf.json +29 -0
  503. data/standards/stig_zos_ca_common_servicestss.json +29 -0
  504. data/standards/stig_zos_ca_micsacf2.json +23 -0
  505. data/standards/stig_zos_ca_micsracf.json +23 -0
  506. data/standards/stig_zos_ca_micstss.json +23 -0
  507. data/standards/stig_zos_ca_mimacf2.json +41 -0
  508. data/standards/stig_zos_ca_mimracf.json +47 -0
  509. data/standards/stig_zos_ca_mimtss.json +47 -0
  510. data/standards/stig_zos_ca_vtapeacf2.json +29 -0
  511. data/standards/stig_zos_ca_vtaperacf.json +35 -0
  512. data/standards/stig_zos_ca_vtapetss.json +35 -0
  513. data/standards/stig_zos_catalog_solutionsacf2.json +23 -0
  514. data/standards/stig_zos_catalog_solutionsracf.json +23 -0
  515. data/standards/stig_zos_catalog_solutionstss.json +23 -0
  516. data/standards/stig_zos_clsupersessionacf2.json +53 -0
  517. data/standards/stig_zos_clsupersessionracf.json +65 -0
  518. data/standards/stig_zos_clsupersessiontss.json +71 -0
  519. data/standards/stig_zos_compuware_abend-aidacf2.json +47 -0
  520. data/standards/stig_zos_compuware_abend-aidracf.json +53 -0
  521. data/standards/stig_zos_compuware_abend-aidtss.json +53 -0
  522. data/standards/stig_zos_cssmtpacf2.json +23 -0
  523. data/standards/stig_zos_cssmtpracf.json +29 -0
  524. data/standards/stig_zos_cssmtptss.json +29 -0
  525. data/standards/stig_zos_fdracf2.json +23 -0
  526. data/standards/stig_zos_fdrracf.json +23 -0
  527. data/standards/stig_zos_fdrtss.json +23 -0
  528. data/standards/stig_zos_hcdacf2.json +29 -0
  529. data/standards/stig_zos_hcdracf.json +29 -0
  530. data/standards/stig_zos_hcdtss.json +29 -0
  531. data/standards/stig_zos_ibm_cics_transaction_serveracf2.json +17 -0
  532. data/standards/stig_zos_ibm_cics_transaction_serverracf.json +17 -0
  533. data/standards/stig_zos_ibm_cics_transaction_servertss.json +17 -0
  534. data/standards/stig_zos_ibm_health_checkeracf2.json +23 -0
  535. data/standards/stig_zos_ibm_health_checkerracf.json +29 -0
  536. data/standards/stig_zos_ibm_health_checkertss.json +29 -0
  537. data/standards/stig_zos_ibm_system_display_and_search_facility_sdsfacf2.json +53 -0
  538. data/standards/stig_zos_ibm_system_display_and_search_facility_sdsfracf.json +59 -0
  539. data/standards/stig_zos_ibm_system_display_and_search_facility_sdsftss.json +53 -0
  540. data/standards/stig_zos_icsfacf2.json +29 -0
  541. data/standards/stig_zos_icsfracf.json +35 -0
  542. data/standards/stig_zos_icsftss.json +35 -0
  543. data/standards/stig_zos_netviewacf2.json +41 -0
  544. data/standards/stig_zos_netviewracf.json +47 -0
  545. data/standards/stig_zos_netviewtss.json +53 -0
  546. data/standards/stig_zos_quest_nc-passacf2.json +35 -0
  547. data/standards/stig_zos_quest_nc-passracf.json +41 -0
  548. data/standards/stig_zos_quest_nc-passtss.json +47 -0
  549. data/standards/stig_zos_racf.json +1415 -0
  550. data/standards/stig_zos_roscoeacf2.json +47 -0
  551. data/standards/stig_zos_roscoeracf.json +53 -0
  552. data/standards/stig_zos_roscoetss.json +59 -0
  553. data/standards/stig_zos_srrauditacf2.json +23 -0
  554. data/standards/stig_zos_srrauditracf.json +23 -0
  555. data/standards/stig_zos_srraudittss.json +23 -0
  556. data/standards/stig_zos_tadzacf2.json +29 -0
  557. data/standards/stig_zos_tadzracf.json +35 -0
  558. data/standards/stig_zos_tadztss.json +35 -0
  559. data/standards/stig_zos_tdmfacf2.json +23 -0
  560. data/standards/stig_zos_tdmfracf.json +23 -0
  561. data/standards/stig_zos_tdmftss.json +23 -0
  562. data/standards/stig_zos_tss.json +1523 -0
  563. data/standards/stig_zos_vssracf.json +29 -0
  564. metadata +691 -0
data/standards/stig_blackberry_enterprise_service_v10.1.x_blackberry_device_service.json ADDED
@@ -0,0 +1,317 @@
1
+ {
2
+ "name": "stig_blackberry_enterprise_service_v10.1.x_blackberry_device_service",
3
+ "date": "2014-10-06",
4
+ "description": "Developed by Research In Motion Ltd. in coordination with DISA for use in the DoD.",
5
+ "title": "BlackBerry Enterprise Service v10.1.x BlackBerry Device Service STIG",
6
+ "version": "1",
7
+ "item_syntax": "^\\w-\\d+$",
8
+ "section_separator": null,
9
+ "items": [
10
+ {
11
+ "id": "V-38932",
12
+ "title": "The BlackBerry Device Service server must enforce the minimum password length for the Personal Space password to 4 digits via centrally managed policy.",
13
+ "description": "Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not implemented, the system may be vulnerable to a variety of attacks. The use of an MDM allows an organization to assign values to security related parameters across all the devices it manages. This provides assurance that the required mobile OS security controls are being enforced, and that the device user or an adversary has not modified or disabled the controls. It also greatly increases efficiency and manageability of devices in a large scale environment relative to an environment in which each device must be configured separately. ",
14
+ "severity": "low"
15
+ },
16
+ {
17
+ "id": "V-38935",
18
+ "title": "The BlackBerry Device Service server must disallow mobile device applications the ability to reset the Work Space lock timer via centrally managed policy.",
19
+ "description": "Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not implemented, the system may be vulnerable to a variety of attacks. The use of an MDM allows an organization to assign values to security related parameters across all the devices it manages. This provides assurance that the required mobile OS security controls are being enforced, and that the device user or an adversary has not modified or disabled the controls. It also greatly increases efficiency and manageability of devices in a large scale environment relative to an environment in which each device must be configured separately. ",
20
+ "severity": "high"
21
+ },
22
+ {
23
+ "id": "V-38937",
24
+ "title": "The BlackBerry Device Service server must disable any mobile OS service that connects to a cloud storage server via centrally managed policy.",
25
+ "description": "Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not implemented, the system may be vulnerable to a variety of attacks. The use of an MDM allows an organization to assign values to security related parameters across all the devices it manages. This provides assurance that the required mobile OS security controls are being enforced, and that the device user or an adversary has not modified or disabled the controls. It also greatly increases efficiency and manageability of devices in a large scale environment relative to an environment in which each device must be configured separately. ",
26
+ "severity": "high"
27
+ },
28
+ {
29
+ "id": "V-38939",
30
+ "title": "The BlackBerry Device Service server must direct all Work Space application traffic through the BlackBerry Device Service server via centrally managed policy.",
31
+ "description": "Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not implemented, the system may be vulnerable to a variety of attacks. The use of an MDM allows an organization to assign values to security related parameters across all the devices it manages. This provides assurance that the required mobile OS security controls are being enforced, and that the device user or an adversary has not modified or disabled the controls. It also greatly increases efficiency and manageability of devices in a large scale environment relative to an environment in which each device must be configured separately. ",
32
+ "severity": "high"
33
+ },
34
+ {
35
+ "id": "V-38940",
36
+ "title": "The BlackBerry Device Service server must disallow Personal Space applications access to the Work Space network connection via centrally managed policy.",
37
+ "description": "Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not implemented, the system may be vulnerable to a variety of attacks. The use of an MDM allows an organization to assign values to security related parameters across all the devices it manages. This provides assurance that the required mobile OS security controls are being enforced, and that the device user or an adversary has not modified or disabled the controls. It also greatly increases efficiency and manageability of devices in a large scale environment relative to an environment in which each device must be configured separately. ",
38
+ "severity": "medium"
39
+ },
40
+ {
41
+ "id": "V-38941",
42
+ "title": "The BlackBerry Device Service server must have the administrative functionality disallow hyperlinks within Work Space applications from opening within the Personal Space browser application via centrally managed policy.",
43
+ "description": "Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not implemented, the system may be vulnerable to a variety of attacks. The use of an MDM allows an organization to assign values to security related parameters across all the devices it manages. This provides assurance that the required mobile OS security controls are being enforced, and that the device user or an adversary has not modified or disabled the controls. It also greatly increases efficiency and manageability of devices in a large scale environment relative to an environment in which each device must be configured separately. ",
44
+ "severity": "medium"
45
+ },
46
+ {
47
+ "id": "V-38943",
48
+ "title": "The BlackBerry Device Service server must have the administrative functionality to centrally manage the following security policy rule on managed mobile devices: Set the number of allowed repeated characters in the mobile device unlock password.",
49
+ "description": "Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not implemented, the system may be vulnerable to a variety of attacks. The use of an MDM allows an organization to assign values to security related parameters across all the devices it manages. This provides assurance that the required mobile OS security controls are being enforced, and that the device user or an adversary has not modified or disabled the controls. It also greatly increases efficiency and manageability of devices in a large scale environment relative to an environment in which each device must be configured separately. ",
50
+ "severity": "low"
51
+ },
52
+ {
53
+ "id": "V-38946",
54
+ "title": "The BlackBerry Device Service server must have the administrative functionality to centrally manage the following security policy rule on managed mobile devices: Disallow sequential numbers in the mobile device unlock password.",
55
+ "description": "Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not implemented, the system may be vulnerable to a variety of attacks. The use of an MDM allows an organization to assign values to security related parameters across all the devices it manages. This provides assurance that the required mobile OS security controls are being enforced, and that the device user or an adversary has not modified or disabled the controls. It also greatly increases efficiency and manageability of devices in a large scale environment relative to an environment in which each device must be configured separately. ",
56
+ "severity": "low"
57
+ },
58
+ {
59
+ "id": "V-38948",
60
+ "title": "The BlackBerry Device Service server must disable copying data from inside a non-secure data area on a mobile device into the security container via centrally managed policy. ",
61
+ "description": "Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not implemented, the system may be vulnerable to a variety of attacks. The use of an MDM allows an organization to assign values to security related parameters across all the devices it manages. This provides assurance that the required mobile OS security controls are being enforced, and that the device user or an adversary has not modified or disabled the controls. It also greatly increases efficiency and manageability of devices in a large scale environment relative to an environment in which each device must be configured separately. If this control is not available, sensitive DoD data stored inside the security container could be exposed if it is copied to a non-secure area on the device.",
62
+ "severity": "high"
63
+ },
64
+ {
65
+ "id": "V-38949",
66
+ "title": "The BlackBerry Device Service server must allow only Work Space contacts to be read from a native Personal Space application via centrally managed policy. ",
67
+ "description": "Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not implemented, the system may be vulnerable to a variety of attacks. The use of an MDM allows an organization to assign values to security related parameters across all the devices it manages. This provides assurance that the required mobile OS security controls are being enforced, and that the device user or an adversary has not modified or disabled the controls. It also greatly increases efficiency and manageability of devices in a large scale environment relative to an environment in which each device must be configured separately. If this control is not available, sensitive DoD data stored inside the security container could be exposed if it is copied to a non-secure area on the device.",
68
+ "severity": "low"
69
+ },
70
+ {
71
+ "id": "V-38951",
72
+ "title": "The BlackBerry Device Service server must implement separation of administrator duties by requiring a specific role be assigned to each administrator account.",
73
+ "description": "Separation of duties supports the management of individual accountability and reduces the power of one individual or administrative account. Employing a separation of duties model reduces the threat that one individual has the authority to make changes to a system, and the authority to delete any record of those changes. \nThis requirement is intended to limit exposure due to operating from within a privileged account or role. The inclusion of a role is intended to address those situations where an access control policy, such as Role Based Access Control (RBAC), is being implemented and where a change of role provides the same degree of assurance in the change of access authorizations for both the user and all processes acting on behalf of the user as would be provided by a change between a privileged and non-privileged account. \nIt is recommended that the following or similar roles be supported: \n- MDM administrative account administrator: responsible for server installation, initial configuration, and maintenance functions.\n- Security configuration policy administrator (IA technical professional): responsible for security configuration of the server and setting up and maintenance of mobile device security policies.\n- Device management administrator (Technical operator): responsible for maintenance of mobile device accounts, including setup, change of account configurations, and account deletion.\n- Auditor (internal auditor or reviewer): responsible for reviewing and maintaining server and mobile device audit logs.",
74
+ "severity": "high"
75
+ },
76
+ {
77
+ "id": "V-38952",
78
+ "title": "The BlackBerry Device Service server must deploy operating system and application updates via over-the-air (OTA) provisioning for managed mobile devices.",
79
+ "description": "Without the MDM ability to deploy operating systems and application updates over the air, it is possible for the mobile devices under the MDM's control to be susceptible to a zero day attack. The ability to apply updates OTA allows for rapid response to patching.",
80
+ "severity": "medium"
81
+ },
82
+ {
83
+ "id": "V-38954",
84
+ "title": "BlackBerry accounts must not be assigned to the default IT policy on the BlackBerry Device Service server or any other non-STIG compliant IT policy.",
85
+ "description": "The BlackBerry default policy on the BDS server does not include many DoD required security policies for data encryption, authentication, and access control. DoD enclaves are at risk of data exposure and hacker attack if users are assigned the default (or other non-STIG compliant) IT policy.",
86
+ "severity": "high"
87
+ },
88
+ {
89
+ "id": "V-38959",
90
+ "title": "If the BlackBerry Device Service server includes a mobile email management capability, the email client S/MIME encryption algorithm must be 3DES or AES. When AES is used, AES-128 bit encryption key length is the minimum requirement; AES-256 is desired.",
91
+ "description": "Cryptography is only as strong as the encryption modules/algorithms that are employed to encrypt the data. Strong encryption must be used to protect the integrity and confidentiality of the data. In this case the requirement states that S/MIME must utilize a 3DES or AES encryption algorithm.",
92
+ "severity": "medium"
93
+ },
94
+ {
95
+ "id": "V-38964",
96
+ "title": "The BlackBerry Device Service server must disable Bluetooth Discoverable Mode via centrally managed policy.",
97
+ "description": "Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not implemented, the system may be vulnerable to a variety of attacks. The use of an MDM allows an organization to assign values to security related parameters across all the devices it manages. This provides assurance that the required mobile OS security controls are being enforced, and that the device user or an adversary has not modified or disabled the controls. It also greatly increases efficiency and manageability of devices in a large scale environment relative to an environment in which each device must be configured separately. ",
98
+ "severity": "medium"
99
+ },
100
+ {
101
+ "id": "V-38965",
102
+ "title": "The BlackBerry Device Service server must have the administrative functionality to centrally manage the following security policy rule on managed mobile devices: Enable or disable the transfer of any file-based data via Bluetooth.",
103
+ "description": "Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not implemented, the system may be vulnerable to a variety of attacks. The use of an MDM allows an organization to assign values to security related parameters across all the devices it manages. This provides assurance that the required mobile OS security controls are being enforced, and that the device user or an adversary has not modified or disabled the controls. It also greatly increases efficiency and manageability of devices in a large scale environment relative to an environment in which each device must be configured separately. ",
104
+ "severity": "high"
105
+ },
106
+ {
107
+ "id": "V-38966",
108
+ "title": "The BlackBerry Device Service server must enable Bluetooth pairing using a randomly generated passkey size of at least 8 digits via centrally managed policy.",
109
+ "description": "Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not implemented, the system may be vulnerable to a variety of attacks. The use of an MDM allows an organization to assign values to security related parameters across all the devices it manages. This provides assurance that the required mobile OS security controls are being enforced, and that the device user or an adversary has not modified or disabled the controls. It also greatly increases efficiency and manageability of devices in a large scale environment relative to an environment in which each device must be configured separately.",
110
+ "severity": "medium"
111
+ },
112
+ {
113
+ "id": "V-38967",
114
+ "title": "The BlackBerry Device Service server must enable Bluetooth 128-bit encryption via centrally managed policy.",
115
+ "description": "Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not implemented, the system may be vulnerable to a variety of attacks. The use of an MDM allows an organization to assign values to security related parameters across all the devices it manages. This provides assurance that the required mobile OS security controls are being enforced, and that the device user or an adversary has not modified or disabled the controls. It also greatly increases efficiency and manageability of devices in a large scale environment relative to an environment in which each device must be configured separately. ",
116
+ "severity": "medium"
117
+ },
118
+ {
119
+ "id": "V-38992",
120
+ "title": "BlackBerry Web Desktop Manager must be configured to permit users to activate new BlackBerry devices only.",
121
+ "description": "The overall security posture of the BlackBerry system is dependent on strict configuration management controls, including ensuring only authorized BlackBerry devices are being used and authorized devices are provisioned as required. When these configurations are not set as required, users may have the capability to activate unauthorized BlackBerry devices.",
122
+ "severity": "medium"
123
+ },
124
+ {
125
+ "id": "V-39012",
126
+ "title": "The BlackBerry Device Service server must set the number of incorrect password attempts before a data wipe procedure is initiated to 10 via centrally managed policy.",
127
+ "description": "Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not implemented, the system may be vulnerable to a variety of attacks. The use of an MDM allows an organization to assign values to security related parameters across all the devices it manages. This provides assurance that the required mobile OS security controls are being enforced, and that the device user or an adversary has not modified or disabled the controls. It also greatly increases efficiency and manageability of devices in a large scale environment relative to an environment in which each device must be configured separately. ",
128
+ "severity": "medium"
129
+ },
130
+ {
131
+ "id": "V-39013",
132
+ "title": "The BlackBerry Device Service server must enable a Work Space password via centrally managed policy.",
133
+ "description": "Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not implemented, the system may be vulnerable to a variety of attacks. The use of an MDM allows an organization to assign values to security related parameters across all the devices it manages. This provides assurance that the required mobile OS security controls are being enforced, and that the device user or an adversary has not modified or disabled the controls. It also greatly increases efficiency and manageability of devices in a large scale environment relative to an environment in which each device must be configured separately",
134
+ "severity": "medium"
135
+ },
136
+ {
137
+ "id": "V-39014",
138
+ "title": "The BlackBerry Device Service server must set the number of uppercase letters in the Work Space password to at least one via centrally managed policy.",
139
+ "description": "Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not implemented, the system may be vulnerable to a variety of attacks. The use of an MDM allows an organization to assign values to security related parameters across all the devices it manages. This provides assurance that the required mobile OS security controls are being enforced, and that the device user or an adversary has not modified or disabled the controls. It also greatly increases efficiency and manageability of devices in a large scale environment relative to an environment in which each device must be configured separately. ",
140
+ "severity": "medium"
141
+ },
142
+ {
143
+ "id": "V-39015",
144
+ "title": "The BlackBerry Device Service server must set the number of numbers in the Work Space password to at least one via centrally managed policy.",
145
+ "description": "Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not implemented, the system may be vulnerable to a variety of attacks. The use of an MDM allows an organization to assign values to security related parameters across all the devices it manages. This provides assurance that the required mobile OS security controls are being enforced, and that the device user or an adversary has not modified or disabled the controls. It also greatly increases efficiency and manageability of devices in a large scale environment relative to an environment in which each device must be configured separately.",
146
+ "severity": "medium"
147
+ },
148
+ {
149
+ "id": "V-39018",
150
+ "title": "The BlackBerry Device Service server must enable a Work Space password length of eight or more characters via centrally managed policy.",
151
+ "description": "Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not implemented, the system may be vulnerable to a variety of attacks. The use of an MDM allows an organization to assign values to security related parameters across all the devices it manages. This provides assurance that the required mobile OS security controls are being enforced, and that the device user or an adversary has not modified or disabled the controls. It also greatly increases efficiency and manageability of devices in a large scale environment relative to an environment in which each device must be configured separately.",
152
+ "severity": "medium"
153
+ },
154
+ {
155
+ "id": "V-39022",
156
+ "title": "The BlackBerry Device Service server must set the Work Space inactivity timeout to 15 minutes via centrally managed policy.",
157
+ "description": "Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not implemented, the system may be vulnerable to a variety of attacks. The use of an MDM allows an organization to assign values to security related parameters across all the devices it manages. This provides assurance that the required mobile OS security controls are being enforced, and that the device user or an adversary has not modified or disabled the controls. It also greatly increases efficiency and manageability of devices in a large scale environment relative to an environment in which each device must be configured separately.",
158
+ "severity": "medium"
159
+ },
160
+ {
161
+ "id": "V-39023",
162
+ "title": "The BlackBerry Device Service server must be configured to restrict the download of software within the Work Space to DoD-approved sources only (e.g., DoD-operated mobile device application store or BlackBerry Device Service server).",
163
+ "description": "DoD can perform due diligence on sources of software to mitigate the risk that malicious software is introduced to those sources. Therefore, if software is downloaded from a DoD approved source, then it is less likely to be malicious than if it is downloaded from an unapproved source. To prevent access to unapproved sources, the operating system in most cases can be configured to disable user access to public application stores.",
164
+ "severity": "medium"
165
+ },
166
+ {
167
+ "id": "V-39026",
168
+ "title": "BlackBerry Web Desktop Manager must be configured to disable a users capability to perform self-service tasks.",
169
+ "description": "The overall security posture of the BlackBerry system is dependent on strict configuration management controls, including ensuring only authorized BlackBerry devices are being used and authorized devices are provisioned as required. When these configurations are not set as required, users may have the capability to activate unauthorized BlackBerry devices.",
170
+ "severity": "medium"
171
+ },
172
+ {
173
+ "id": "V-39027",
174
+ "title": "BlackBerry Web Desktop Manager must be configured to disable a users capability to perform a backup or restore of the Work Space.",
175
+ "description": "The overall security posture of the BlackBerry system is dependent on strict configuration management controls, including ensuring only authorized BlackBerry devices are being used and authorized devices are provisioned as required. When these configurations are not set as required, users may have the capability to activate unauthorized BlackBerry devices.",
176
+ "severity": "low"
177
+ },
178
+ {
179
+ "id": "V-39028",
180
+ "title": "The BlackBerry Device Service server must disallow any native applications pertaining to billing via centrally managed policy.",
181
+ "description": "Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not implemented, the system may be vulnerable to a variety of attacks. The use of an MDM allows an organization to assign values to security related parameters across all the devices it manages. This provides assurance that the required mobile OS security controls are being enforced, and that the device user or an adversary has not modified or disabled the controls. It also greatly increases efficiency and manageability of devices in a large scale environment relative to an environment in which each device must be configured separately. ",
182
+ "severity": "low"
183
+ },
184
+ {
185
+ "id": "V-39029",
186
+ "title": "The BlackBerry Device Service server must have the administrative functionality to centrally manage the following security policy rule on managed mobile devices: Disallow any native applications pertaining to billing on a managed mobile device.",
187
+ "description": "Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not implemented, the system may be vulnerable to a variety of attacks. The use of an MDM allows an organization to assign values to security related parameters across all the devices it manages. This provides assurance that the required mobile OS security controls are being enforced, and that the device user or an adversary has not modified or disabled the controls. It also greatly increases efficiency and manageability of devices in a large scale environment relative to an environment in which each device must be configured separately. ",
188
+ "severity": "low"
189
+ },
190
+ {
191
+ "id": "V-39031",
192
+ "title": "The BlackBerry Device Service server must require administrators to be authenticated with an individual authenticator prior to using a group authenticator.",
193
+ "description": "To assure individual accountability and prevent unauthorized access, MDM administrators and users (and any processes acting on behalf of users) must be individually identified and authenticated. Without individual accountability, there can be no traceability back to an individual if there were a security incident on the system. In addition, group accounts can be shared with individuals who do not have authorized access.",
194
+ "severity": "high"
195
+ },
196
+ {
197
+ "id": "V-39032",
198
+ "title": "The BlackBerry Device Service server must use organization defined replay-resistant authentication mechanisms for network access to privileged accounts.",
199
+ "description": "An authentication process resists replay attacks if it is impractical to achieve a successful authentication by recording and replaying a previous authentication message. Replay attacks, if successfully used against a MDM account could result in unfettered access to the MDM settings and data records. ",
200
+ "severity": "high"
201
+ },
202
+ {
203
+ "id": "V-39035",
204
+ "title": "The BlackBerry Device Service server must be configured to accept only trusted connections to back-office enclave application or web push servers. Push servers are set up to push content to BlackBerry users.",
205
+ "description": "Device authentication is a solution enabling an organization to manage both users and devices. This requirement applies to MDM servers that provide mobile device and user access to network shares, web servers, and other network resources located on the internal enclave (back-office servers, etc.). This connection bypasses user network authentication mechanisms (i.e., CAC authentication). Therefore, the MDM server must allow connections to only back-office network resources that support CAC authentication with the mobile device user. In this case, a trusted connection refers to mutual PKI based authentication between the MDM server and the network server.",
206
+ "severity": "medium"
207
+ },
208
+ {
209
+ "id": "V-39036",
210
+ "title": "The BlackBerry Device Service server must support administrator authentication to the server via the Enterprise Authentication Mechanisms authentication.",
211
+ "description": "In the DoD, Administrator credential requirements for authentication are defined by CTO 07-115Rev1, which is usually enforced by the Enterprise Authentication Mechanism. Non-complaint credential enforcement mechanisms make the DoD IS vulnerable to attack.",
212
+ "severity": "medium"
213
+ },
214
+ {
215
+ "id": "V-39037",
216
+ "title": "The key store password for the certificate that the BlackBerry Administration Service (BAS) and BlackBerry Web Desktop Manager (BWDM) use must be changed from the default.",
217
+ "description": "The key store password protects the server digital authentication certificates from unauthorized use.",
218
+ "severity": "low"
219
+ },
220
+ {
221
+ "id": "V-39038",
222
+ "title": "The BlackBerry Device Service server must use mechanisms for authentication to a cryptographic module meeting the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication.",
223
+ "description": "MDM applications utilizing encryption are required to use approved encryption modules that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance. Encryption is only as good as the encryption modules utilized. Unapproved cryptographic module algorithms cannot be verified, and cannot be relied upon to provide confidentiality or integrity and DoD data may be compromised due to weak algorithms. ",
224
+ "severity": "high"
225
+ },
226
+ {
227
+ "id": "V-39039",
228
+ "title": "The BlackBerry Device Service server must employ strong identification and authentication techniques in the establishment of non-local maintenance and diagnostic sessions.",
229
+ "description": "Lack of authentication enables anyone to gain access to the MDM. Network access control mechanisms interoperate to prevent unauthorized access and to enforce the organization's security policy. Authorization for access to the MDM to perform maintenance and diagnostics requires an individual account identifier that has been approved, assigned, and configured. Authentication of non-local maintenance and diagnostics sessions must be accomplished through two-factor authentication via the combination of passwords, tokens, and biometrics.",
230
+ "severity": "high"
231
+ },
232
+ {
233
+ "id": "V-39040",
234
+ "title": "The server PKI digital certificate installed on the BlackBerry Device Service (BDS) Server to support BlackBerry Administration Service and BlackBerry Web Desktop Manager (BWDM) authentication must be a DoD PKI issued certificate. A self signed certificate will not be used.",
235
+ "description": "When a self signed PKI certificate is used, a rogue BDS server can impersonate the DoD BDS server during SA connections to the BAS or when a BlackBerry user uses BWDM to connect to the BAS. In addition, DoDI 8520-02 requires PKI certificates come from a trusted DoD PKI.",
236
+ "severity": "low"
237
+ },
238
+ {
239
+ "id": "V-40718",
240
+ "title": "The BlackBerry Device Service server must disable the Advanced Audio Distribution Profile (A2DP) Bluetooth profile via centrally managed policy.",
241
+ "description": "Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not implemented, the system may be vulnerable to a variety of attacks. The use of an MDM allows an organization to assign values to security related parameters across all the devices it manages. This provides assurance that the required mobile OS security controls are being enforced, and that the device user or an adversary has not modified or disabled the controls. It also greatly increases efficiency and manageability of devices in a large scale environment relative to an environment in which each device must be configured separately. \n",
242
+ "severity": "medium"
243
+ },
244
+ {
245
+ "id": "V-40719",
246
+ "title": "The BlackBerry Device Service server must disable the Audio/Video Remote Control Profile (AVRCP) Bluetooth profile via centrally managed policy.",
247
+ "description": "Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not implemented, the system may be vulnerable to a variety of attacks. The use of an MDM allows an organization to assign values to security related parameters across all the devices it manages. This provides assurance that the required mobile OS security controls are being enforced, and that the device user or an adversary has not modified or disabled the controls. It also greatly increases efficiency and manageability of devices in a large scale environment relative to an environment in which each device must be configured separately. \n",
248
+ "severity": "medium"
249
+ },
250
+ {
251
+ "id": "V-40720",
252
+ "title": "The BlackBerry Device Service server must disable the Phone Book Access Profile (PBAP) Bluetooth profile via centrally managed policy.",
253
+ "description": "Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not implemented, the system may be vulnerable to a variety of attacks. The use of an MDM allows an organization to assign values to security related parameters across all the devices it manages. This provides assurance that the required mobile OS security controls are being enforced, and that the device user or an adversary has not modified or disabled the controls. It also greatly increases efficiency and manageability of devices in a large scale environment relative to an environment in which each device must be configured separately. \n",
254
+ "severity": "medium"
255
+ },
256
+ {
257
+ "id": "V-40721",
258
+ "title": "The BlackBerry Device Service server must disable the Hands-Free Profile (HFP) Bluetooth profile via centrally managed policy.",
259
+ "description": "Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not implemented, the system may be vulnerable to a variety of attacks. The use of an MDM allows an organization to assign values to security related parameters across all the devices it manages. This provides assurance that the required mobile OS security controls are being enforced, and that the device user or an adversary has not modified or disabled the controls. It also greatly increases efficiency and manageability of devices in a large scale environment relative to an environment in which each device must be configured separately. \n",
260
+ "severity": "medium"
261
+ },
262
+ {
263
+ "id": "V-40722",
264
+ "title": "The BlackBerry Device Service server must disable the Message Access Profile (MAP) Bluetooth profile via centrally managed policy.",
265
+ "description": "Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not implemented, the system may be vulnerable to a variety of attacks. The use of an MDM allows an organization to assign values to security related parameters across all the devices it manages. This provides assurance that the required mobile OS security controls are being enforced, and that the device user or an adversary has not modified or disabled the controls. It also greatly increases efficiency and manageability of devices in a large scale environment relative to an environment in which each device must be configured separately. \n",
266
+ "severity": "medium"
267
+ },
268
+ {
269
+ "id": "V-40723",
270
+ "title": "The BlackBerry Device Service server must disable the Personal Area Networking Profile (PAN) Bluetooth profile via centrally managed policy.",
271
+ "description": "Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not implemented, the system may be vulnerable to a variety of attacks. The use of an MDM allows an organization to assign values to security related parameters across all the devices it manages. This provides assurance that the required mobile OS security controls are being enforced, and that the device user or an adversary has not modified or disabled the controls. It also greatly increases efficiency and manageability of devices in a large scale environment relative to an environment in which each device must be configured separately. \n",
272
+ "severity": "medium"
273
+ },
274
+ {
275
+ "id": "V-40724",
276
+ "title": "The BlackBerry Device Service server must disable the mobile device users access to BlackBerry World for Work Space and only allow access to apps published from BlackBerry Device Service.",
277
+ "description": "Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not implemented, the system may be vulnerable to a variety of attacks. The use of an MDM allows an organization to assign values to security related parameters across all the devices it manages. This provides assurance that the required mobile OS security controls are being enforced, and that the device user or an adversary has not modified or disabled the controls. It also greatly increases efficiency and manageability of devices in a large scale environment relative to an environment in which each device must be configured separately. \n",
278
+ "severity": "medium"
279
+ },
280
+ {
281
+ "id": "V-40725",
282
+ "title": "The BlackBerry Device Service server must force the display of a warning banner on the lock screen of the mobile device via centrally managed policy.",
283
+ "description": "Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not implemented, the system may be vulnerable to a variety of attacks. The use of an MDM allows an organization to assign values to security related parameters across all the devices it manages. This provides assurance that the required mobile OS security controls are being enforced, and that the device user or an adversary has not modified or disabled the controls. It also greatly increases efficiency and manageability of devices in a large scale environment relative to an environment in which each device must be configured separately. \nThe warning banner must be displayed before or immediately after the user successfully unlocks the mobile device or unlocks a secure application where sensitive DoD data is stored: \"I've read & consent to terms in IS user agreement.\" (Wording must be exactly as specified.)",
284
+ "severity": "medium"
285
+ },
286
+ {
287
+ "id": "V-40726",
288
+ "title": "The BlackBerry Device Service server must disable the transfer of work files using Bluetooth OPP via centrally managed policy.",
289
+ "description": "Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not implemented, the system may be vulnerable to a variety of attacks. The use of an MDM allows an organization to assign values to security related parameters across all the devices it manages. This provides assurance that the required mobile OS security controls are being enforced, and that the device user or an adversary has not modified or disabled the controls. It also greatly increases efficiency and manageability of devices in a large scale environment relative to an environment in which each device must be configured separately. \n",
290
+ "severity": "medium"
291
+ },
292
+ {
293
+ "id": "V-40727",
294
+ "title": "The BlackBerry Device Service server must disable the transfer of work messages using Bluetooth MAP via centrally managed policy.",
295
+ "description": "Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not implemented, the system may be vulnerable to a variety of attacks. The use of an MDM allows an organization to assign values to security related parameters across all the devices it manages. This provides assurance that the required mobile OS security controls are being enforced, and that the device user or an adversary has not modified or disabled the controls. It also greatly increases efficiency and manageability of devices in a large scale environment relative to an environment in which each device must be configured separately. \n",
296
+ "severity": "medium"
297
+ },
298
+ {
299
+ "id": "V-40728",
300
+ "title": "The BlackBerry Device Service server must disable the transfer of work messages using Bluetooth MAP without a user prompt via centrally managed policy.",
301
+ "description": "Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not implemented, the system may be vulnerable to a variety of attacks. The use of an MDM allows an organization to assign values to security related parameters across all the devices it manages. This provides assurance that the required mobile OS security controls are being enforced, and that the device user or an adversary has not modified or disabled the controls. It also greatly increases efficiency and manageability of devices in a large scale environment relative to an environment in which each device must be configured separately. \n",
302
+ "severity": "medium"
303
+ },
304
+ {
305
+ "id": "V-40729",
306
+ "title": "The BlackBerry Device Service server must disable the Bluetooth transfer of Work Space contacts via centrally managed policy.",
307
+ "description": "Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not implemented, the system may be vulnerable to a variety of attacks. The use of an MDM allows an organization to assign values to security related parameters across all the devices it manages. This provides assurance that the required mobile OS security controls are being enforced, and that the device user or an adversary has not modified or disabled the controls. It also greatly increases efficiency and manageability of devices in a large scale environment relative to an environment in which each device must be configured separately. \n",
308
+ "severity": "medium"
309
+ },
310
+ {
311
+ "id": "V-54981",
312
+ "title": "BlackBerry Device service 6.2 and BlackBerry Enterprise Service 10.1.x BlackBerry Device Service MDM servers that are no longer supported by the vendor for security updates must not be installed on a system.",
313
+ "description": "BlackBerry Device service 6.2 and BlackBerry Enterprise Service 10.1.x BlackBerry Device Service MDM servers that are no longer supported by BlackBerry for security updates are not evaluated or updated for vulnerabilities, leaving them open to potential attack. Organizations must transition to a supported operating system to ensure continued support.",
314
+ "severity": "high"
315
+ }
316
+ ]
317
+ }
data/standards/stig_blackberry_enterprise_service_v10.2.x_blackberry_device_service.json ADDED
@@ -0,0 +1,263 @@
1
+ {
2
+ "name": "stig_blackberry_enterprise_service_v10.2.x_blackberry_device_service",
3
+ "date": "2015-07-23",
4
+ "description": "Developed by BlackBerry Ltd. in coordination with DISA for use in the DoD. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil",
5
+ "title": "BlackBerry Enterprise Service v10.2.x BlackBerry Device Service STIG",
6
+ "version": "1",
7
+ "item_syntax": "^\\w-\\d+$",
8
+ "section_separator": null,
9
+ "items": [
10
+ {
11
+ "id": "V-48503",
12
+ "title": "The BlackBerry Device Service server must implement separation of administrator duties by requiring a specific role be assigned to each administrator account.",
13
+ "description": "Separation of duties supports the management of individual accountability and reduces the power of one individual or administrative account. Employing a separation of duties model reduces the threat that one individual has the authority to make changes to a system, and the authority to delete any record of those changes. \nThis requirement is intended to limit exposure due to operating from within a privileged account or role. The inclusion of a role is intended to address those situations where an access control policy, such as Role Based Access Control (RBAC), is being implemented and where a change of role provides the same degree of assurance in the change of access authorizations for both the user and all processes acting on behalf of the user as would be provided by a change between a privileged and non-privileged account. \nIt is recommended that the following or similar roles be supported: \n- MDM administrative account administrator: responsible for server installation, initial configuration, and maintenance functions.\n- Security configuration policy administrator (IA technical professional): responsible for security configuration of the server and setting up and maintenance of mobile device security policies.\n- Device management administrator (Technical operator): responsible for maintenance of mobile device accounts, including setup, change of account configurations, and account deletion.\n- Auditor (internal auditor or reviewer): responsible for reviewing and maintaining server and mobile device audit logs.",
14
+ "severity": "high"
15
+ },
16
+ {
17
+ "id": "V-48509",
18
+ "title": "The BlackBerry Device Service server must bind removable storage media cards to the mobile device via centrally managed policy.",
19
+ "description": "Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not implemented, the system may be vulnerable to a variety of attacks. The use of an MDM allows an organization to assign values to security related parameters across all the devices it manages. This provides assurance that the required mobile OS security controls are being enforced, and that the device user or an adversary has not modified or disabled the controls. It also greatly increases efficiency and manageability of devices in a large scale environment relative to an environment in which each device must be configured separately.",
20
+ "severity": "medium"
21
+ },
22
+ {
23
+ "id": "V-48513",
24
+ "title": "The BlackBerry Device Service server must enforce the email client S/MIME encryption algorithm to be 3DES or AES256 via centrally managed policy.",
25
+ "description": "Cryptography is only as strong as the encryption modules/algorithms that are employed to encrypt the data. Strong encryption must be used to protect the integrity and confidentiality of the data. In this case the requirement states that S/MIME must utilize a 3DES or AES encryption algorithm.",
26
+ "severity": "medium"
27
+ },
28
+ {
29
+ "id": "V-48517",
30
+ "title": "The BlackBerry Device Service server must disable the Advanced Audio Distribution Profile (A2DP) Bluetooth profile via centrally managed policy.",
31
+ "description": "Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not implemented, the system may be vulnerable to a variety of attacks. The use of an MDM allows an organization to assign values to security related parameters across all the devices it manages. This provides assurance that the required mobile OS security controls are being enforced, and that the device user or an adversary has not modified or disabled the controls. It also greatly increases efficiency and manageability of devices in a large scale environment relative to an environment in which each device must be configured separately. ",
32
+ "severity": "medium"
33
+ },
34
+ {
35
+ "id": "V-48519",
36
+ "title": "The BlackBerry Device Service server must disable the Audio/Video Remote Control Profile (AVRCP) Bluetooth profile via centrally managed policy.",
37
+ "description": "Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not implemented, the system may be vulnerable to a variety of attacks. The use of an MDM allows an organization to assign values to security related parameters across all the devices it manages. This provides assurance that the required mobile OS security controls are being enforced, and that the device user or an adversary has not modified or disabled the controls. It also greatly increases efficiency and manageability of devices in a large scale environment relative to an environment in which each device must be configured separately. ",
38
+ "severity": "medium"
39
+ },
40
+ {
41
+ "id": "V-48523",
42
+ "title": "The BlackBerry Device Service server must disable the Phone Book Access Profile (PBAP) Bluetooth profile via centrally managed policy.",
43
+ "description": "Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not implemented, the system may be vulnerable to a variety of attacks. The use of an MDM allows an organization to assign values to security related parameters across all the devices it manages. This provides assurance that the required mobile OS security controls are being enforced, and that the device user or an adversary has not modified or disabled the controls. It also greatly increases efficiency and manageability of devices in a large scale environment relative to an environment in which each device must be configured separately.",
44
+ "severity": "medium"
45
+ },
46
+ {
47
+ "id": "V-48525",
48
+ "title": "The BlackBerry Device Service server must disable the Hands-Free Profile (HFP) Bluetooth profile via centrally managed policy.",
49
+ "description": "Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not implemented, the system may be vulnerable to a variety of attacks. The use of an MDM allows an organization to assign values to security related parameters across all the devices it manages. This provides assurance that the required mobile OS security controls are being enforced, and that the device user or an adversary has not modified or disabled the controls. It also greatly increases efficiency and manageability of devices in a large scale environment relative to an environment in which each device must be configured separately. ",
50
+ "severity": "medium"
51
+ },
52
+ {
53
+ "id": "V-48527",
54
+ "title": "The BlackBerry Device Service server must disable the Message Access Profile (MAP) Bluetooth profile via centrally managed policy.",
55
+ "description": "Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not implemented, the system may be vulnerable to a variety of attacks. The use of an MDM allows an organization to assign values to security related parameters across all the devices it manages. This provides assurance that the required mobile OS security controls are being enforced, and that the device user or an adversary has not modified or disabled the controls. It also greatly increases efficiency and manageability of devices in a large scale environment relative to an environment in which each device must be configured separately. ",
56
+ "severity": "medium"
57
+ },
58
+ {
59
+ "id": "V-48529",
60
+ "title": "The BlackBerry Device Service server must disable the Personal Area Networking Profile (PAN) Bluetooth profile via centrally managed policy.",
61
+ "description": "Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not implemented, the system may be vulnerable to a variety of attacks. The use of an MDM allows an organization to assign values to security related parameters across all the devices it manages. This provides assurance that the required mobile OS security controls are being enforced, and that the device user or an adversary has not modified or disabled the controls. It also greatly increases efficiency and manageability of devices in a large scale environment relative to an environment in which each device must be configured separately. ",
62
+ "severity": "medium"
63
+ },
64
+ {
65
+ "id": "V-48537",
66
+ "title": "The BlackBerry Device Service server must disable Bluetooth Discoverable Mode via centrally managed policy.",
67
+ "description": "Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not implemented, the system may be vulnerable to a variety of attacks. The use of an MDM allows an organization to assign values to security related parameters across all the devices it manages. This provides assurance that the required mobile OS security controls are being enforced, and that the device user or an adversary has not modified or disabled the controls. It also greatly increases efficiency and manageability of devices in a large scale environment relative to an environment in which each device must be configured separately. ",
68
+ "severity": "medium"
69
+ },
70
+ {
71
+ "id": "V-48543",
72
+ "title": "The BlackBerry Device Service server must disable the transfer of any file-based data via Bluetooth via centrally managed policy.",
73
+ "description": "Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not implemented, the system may be vulnerable to a variety of attacks. The use of an MDM allows an organization to assign values to security related parameters across all the devices it manages. This provides assurance that the required mobile OS security controls are being enforced, and that the device user or an adversary has not modified or disabled the controls. It also greatly increases efficiency and manageability of devices in a large scale environment relative to an environment in which each device must be configured separately. ",
74
+ "severity": "high"
75
+ },
76
+ {
77
+ "id": "V-48545",
78
+ "title": "The BlackBerry Device Service server must disable the transfer of any file-based data via Bluetooth (Bluetooth MAP) via centrally managed policy.",
79
+ "description": "Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not implemented, the system may be vulnerable to a variety of attacks. The use of an MDM allows an organization to assign values to security related parameters across all the devices it manages. This provides assurance that the required mobile OS security controls are being enforced, and that the device user or an adversary has not modified or disabled the controls. It also greatly increases efficiency and manageability of devices in a large scale environment relative to an environment in which each device must be configured separately.",
80
+ "severity": "high"
81
+ },
82
+ {
83
+ "id": "V-48547",
84
+ "title": "The BlackBerry Device Service server must disable the transfer of any file-based data via Bluetooth (Bluetooth MAP without prompt) via centrally managed policy.",
85
+ "description": "Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not implemented, the system may be vulnerable to a variety of attacks. The use of an MDM allows an organization to assign values to security related parameters across all the devices it manages. This provides assurance that the required mobile OS security controls are being enforced, and that the device user or an adversary has not modified or disabled the controls. It also greatly increases efficiency and manageability of devices in a large scale environment relative to an environment in which each device must be configured separately.",
86
+ "severity": "high"
87
+ },
88
+ {
89
+ "id": "V-48549",
90
+ "title": "The BlackBerry Device Service server must disable the transfer of any file-based data via Bluetooth (Transfer Work Contacts Using Bluetooth PBAP or HFP) via centrally managed policy.",
91
+ "description": "Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not implemented, the system may be vulnerable to a variety of attacks. The use of an MDM allows an organization to assign values to security related parameters across all the devices it manages. This provides assurance that the required mobile OS security controls are being enforced, and that the device user or an adversary has not modified or disabled the controls. It also greatly increases efficiency and manageability of devices in a large scale environment relative to an environment in which each device must be configured separately.",
92
+ "severity": "high"
93
+ },
94
+ {
95
+ "id": "V-48553",
96
+ "title": "The BlackBerry Device Service server must enable Bluetooth pairing using a randomly generated passkey size of at least 8 digits via centrally managed policy.",
97
+ "description": "Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not implemented, the system may be vulnerable to a variety of attacks. The use of an MDM allows an organization to assign values to security related parameters across all the devices it manages. This provides assurance that the required mobile OS security controls are being enforced, and that the device user or an adversary has not modified or disabled the controls. It also greatly increases efficiency and manageability of devices in a large scale environment relative to an environment in which each device must be configured separately.",
98
+ "severity": "medium"
99
+ },
100
+ {
101
+ "id": "V-48555",
102
+ "title": "The BlackBerry Device Service server must disable the transfer of any file-based data via Near Field Communication (NFC) via centrally managed policy.",
103
+ "description": "Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not implemented, the system may be vulnerable to a variety of attacks. The use of an MDM allows an organization to assign values to security related parameters across all the devices it manages. This provides assurance that the required mobile OS security controls are being enforced, and that the device user or an adversary has not modified or disabled the controls. It also greatly increases efficiency and manageability of devices in a large scale environment relative to an environment in which each device must be configured separately.",
104
+ "severity": "high"
105
+ },
106
+ {
107
+ "id": "V-48557",
108
+ "title": "The BlackBerry Device Service server must enable Bluetooth 128 bit encryption via centrally managed policy.",
109
+ "description": "Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not implemented, the system may be vulnerable to a variety of attacks. The use of an MDM allows an organization to assign values to security related parameters across all the devices it manages. This provides assurance that the required mobile OS security controls are being enforced, and that the device user or an adversary has not modified or disabled the controls. It also greatly increases efficiency and manageability of devices in a large scale environment relative to an environment in which each device must be configured separately.",
110
+ "severity": "medium"
111
+ },
112
+ {
113
+ "id": "V-48559",
114
+ "title": "The BlackBerry Device Service server must be configured to accept only trusted connections to back-office enclave application or web push servers. Push servers are set up to push content to BlackBerry users.",
115
+ "description": "Only authorized servers should be able to push content to BlackBerry devices.",
116
+ "severity": "medium"
117
+ },
118
+ {
119
+ "id": "V-48561",
120
+ "title": "BlackBerry Web Desktop Manager must be configured to permit users to activate new BlackBerry devices only.",
121
+ "description": "The overall security posture of the BlackBerry system is dependent on strict configuration management controls, including ensuring only authorized BlackBerry devices are being used and authorized devices are provisioned as required. When these configurations are not set as required, users may have the capability to activate unauthorized BlackBerry devices.",
122
+ "severity": "medium"
123
+ },
124
+ {
125
+ "id": "V-48565",
126
+ "title": "The BlackBerry Device Service server must set the number of incorrect password attempts before a data wipe procedure is initiated to 10 via centrally managed policy.",
127
+ "description": "Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not implemented, the system may be vulnerable to a variety of attacks. The use of an MDM allows an organization to assign values to security related parameters across all the devices it manages. This provides assurance that the required mobile OS security controls are being enforced, and that the device user or an adversary has not modified or disabled the controls. It also greatly increases efficiency and manageability of devices in a large scale environment relative to an environment in which each device must be configured separately.",
128
+ "severity": "medium"
129
+ },
130
+ {
131
+ "id": "V-48567",
132
+ "title": "The BlackBerry Device Service server must enable a Work Space password via centrally managed policy.",
133
+ "description": "Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not implemented, the system may be vulnerable to a variety of attacks. The use of an MDM allows an organization to assign values to security related parameters across all the devices it manages. This provides assurance that the required mobile OS security controls are being enforced, and that the device user or an adversary has not modified or disabled the controls. It also greatly increases efficiency and manageability of devices in a large scale environment relative to an environment in which each device must be configured separately.",
134
+ "severity": "medium"
135
+ },
136
+ {
137
+ "id": "V-48571",
138
+ "title": "The BlackBerry Device Service server must enable a minimum Work Space password length of six or more characters via centrally managed policy.",
139
+ "description": "Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not implemented, the system may be vulnerable to a variety of attacks. The use of an MDM allows an organization to assign values to security related parameters across all the devices it manages. This provides assurance that the required mobile OS security controls are being enforced, and that the device user or an adversary has not modified or disabled the controls. It also greatly increases efficiency and manageability of devices in a large scale environment relative to an environment in which each device must be configured separately.",
140
+ "severity": "medium"
141
+ },
142
+ {
143
+ "id": "V-48573",
144
+ "title": "The BlackBerry Device Service server must set the Work Space inactivity timeout to 15 minutes via centrally managed policy.",
145
+ "description": "Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not implemented, the system may be vulnerable to a variety of attacks. The use of an MDM allows an organization to assign values to security related parameters across all the devices it manages. This provides assurance that the required mobile OS security controls are being enforced, and that the device user or an adversary has not modified or disabled the controls. It also greatly increases efficiency and manageability of devices in a large scale environment relative to an environment in which each device must be configured separately.",
146
+ "severity": "medium"
147
+ },
148
+ {
149
+ "id": "V-48575",
150
+ "title": "The BlackBerry Device Service server must configure the Work Space to prohibit the download of software from a DoD non-approved source (e.g., a non-DoD operated mobile device application store or BlackBerry Device Service server).",
151
+ "description": "DoD can perform due diligence on sources of software to mitigate the risk that malicious software is introduced to those sources. Therefore, if software is downloaded from a DoD-approved source, then it is less likely to be malicious than if it is downloaded from an unapproved source. To prevent access to unapproved sources, the operating system in most cases can be configured to disable user access to public application stores.",
152
+ "severity": "medium"
153
+ },
154
+ {
155
+ "id": "V-48577",
156
+ "title": "The BlackBerry Device Service server must be configured to prevent users from performing self-service tasks.",
157
+ "description": "The overall security posture of the BlackBerry system is dependent on strict configuration management controls, including ensuring only authorized BlackBerry devices are being used and authorized devices are provisioned as required. When these configurations are not set as required, users may have the capability to activate unauthorized BlackBerry devices.",
158
+ "severity": "medium"
159
+ },
160
+ {
161
+ "id": "V-48579",
162
+ "title": "BlackBerry Web Desktop Manager must be configured to disable a users capability to perform a user-initiated backup or restore.",
163
+ "description": "The overall security posture of the BlackBerry system is dependent on strict configuration management controls, including ensuring only authorized BlackBerry devices are being used and authorized devices are provisioned as required. When these configurations are not set as required, users may have the capability to activate unauthorized BlackBerry devices.",
164
+ "severity": "low"
165
+ },
166
+ {
167
+ "id": "V-48581",
168
+ "title": "The BlackBerry Device Service server must require administrators to be authenticated with an individual authenticator prior to using a group authenticator.",
169
+ "description": "To assure individual accountability and prevent unauthorized access, MDM administrators and users (and any processes acting on behalf of users) must be individually identified and authenticated. Without individual accountability, there can be no traceability back to an individual if there were a security incident on the system. In addition, group accounts can be shared with individuals who do not have authorized access.",
170
+ "severity": "high"
171
+ },
172
+ {
173
+ "id": "V-48583",
174
+ "title": "The BlackBerry Device Service server must use organization defined replay-resistant authentication mechanisms for network access to privileged accounts.",
175
+ "description": "An authentication process resists replay attacks if it is impractical to achieve a successful authentication by recording and replaying a previous authentication message. Replay attacks, if successfully used against a MDM account could result in unfettered access to the MDM settings and data records.",
176
+ "severity": "high"
177
+ },
178
+ {
179
+ "id": "V-48585",
180
+ "title": "The BlackBerry Device Service server must support administrator authentication to the server via the Enterprise Authentication Mechanisms authentication.",
181
+ "description": "In the DoD, Administrator credential requirements for authentication are defined by CTO 07-115Rev1, which is can be enforced by the Enterprise Authentication Mechanism. Non-complaint credential enforcement mechanisms make the DoD IS vulnerable to attack.",
182
+ "severity": "medium"
183
+ },
184
+ {
185
+ "id": "V-48587",
186
+ "title": "The key store password for the certificate that the BlackBerry Administration Service (BAS) and BlackBerry Web Desktop Manager (BWDM) use must be changed from the default.",
187
+ "description": "The key store password protects the server digital authentication certificates from unauthorized use.",
188
+ "severity": "medium"
189
+ },
190
+ {
191
+ "id": "V-48589",
192
+ "title": "The BlackBerry Device Service server must use mechanisms for authentication to a cryptographic module meeting the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication.",
193
+ "description": "MDM applications utilizing encryption are required to use approved encryption modules that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance. Encryption is only as good as the encryption modules utilized. Unapproved cryptographic module algorithms cannot be verified, and cannot be relied upon to provide confidentiality or integrity and DoD data may be compromised due to weak algorithms.",
194
+ "severity": "high"
195
+ },
196
+ {
197
+ "id": "V-48591",
198
+ "title": "The BlackBerry Device Service server must employ strong identification and authentication techniques in the establishment of non-local maintenance and diagnostic sessions.",
199
+ "description": "Lack of authentication enables anyone to gain access to the MDM. Network access control mechanisms interoperate to prevent unauthorized access and to enforce the organization's security policy. Authorization for access to the MDM to perform maintenance and diagnostics requires an individual account identifier that has been approved, assigned, and configured. Authentication of non-local maintenance and diagnostics sessions must be accomplished through two-factor authentication via the combination of passwords, tokens, and biometrics.",
200
+ "severity": "high"
201
+ },
202
+ {
203
+ "id": "V-48593",
204
+ "title": "The server PKI digital certificate installed on the BlackBerry Device Service (BDS) Server to support BlackBerry Administration Service and BlackBerry Web Desktop Manager (BWDM) authentication must be a DoD PKI issued certificate.",
205
+ "description": "When a self signed PKI certificate is used, a rogue BDS server can impersonate the DoD BDS server during SA connections to the BAS or when a BlackBerry user uses BWDM to connect to the BAS. In addition, DoDI 8520-02 requires PKI certificates come from a trusted DoD PKI.",
206
+ "severity": "low"
207
+ },
208
+ {
209
+ "id": "V-48599",
210
+ "title": "The BlackBerry Device Service server must allow only Work Space contacts to be read from a native Personal Space application via centrally managed policy.",
211
+ "description": "Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not implemented, the system may be vulnerable to a variety of attacks. The use of an MDM allows an organization to assign values to security related parameters across all the devices it manages. This provides assurance that the required mobile OS security controls are being enforced, and that the device user or an adversary has not modified or disabled the controls. It also greatly increases efficiency and manageability of devices in a large scale environment relative to an environment in which each device must be configured separately. If this control is not available, sensitive DoD data stored inside the security container could be exposed if it is copied to a non-secure area on the device.",
212
+ "severity": "low"
213
+ },
214
+ {
215
+ "id": "V-48601",
216
+ "title": "The BlackBerry Device Service server must enforce the minimum password length for the Personal Space password to 4 digits via centrally managed policy.",
217
+ "description": "Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not implemented, the system may be vulnerable to a variety of attacks. The use of an MDM allows an organization to assign values to security related parameters across all the devices it manages. This provides assurance that the required mobile OS security controls are being enforced, and that the device user or an adversary has not modified or disabled the controls. It also greatly increases efficiency and manageability of devices in a large scale environment relative to an environment in which each device must be configured separately.",
218
+ "severity": "low"
219
+ },
220
+ {
221
+ "id": "V-48603",
222
+ "title": "The BlackBerry Device Service server must disable the mobile device users access to BlackBerry World for Work Space and only allow access to apps published from BlackBerry Device Service.",
223
+ "description": "Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not implemented, the system may be vulnerable to a variety of attacks. The use of an MDM allows an organization to assign values to security related parameters across all the devices it manages. This provides assurance that the required mobile OS security controls are being enforced, and that the device user or an adversary has not modified or disabled the controls. It also greatly increases efficiency and manageability of devices in a large scale environment relative to an environment in which each device must be configured separately.",
224
+ "severity": "medium"
225
+ },
226
+ {
227
+ "id": "V-48605",
228
+ "title": "The BlackBerry Device Service server must force the display of a warning banner on the lock screen of the mobile device via centrally managed policy.",
229
+ "description": "Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not implemented, the system may be vulnerable to a variety of attacks. The use of an MDM allows an organization to assign values to security related parameters across all the devices it manages. This provides assurance that the required mobile OS security controls are being enforced, and that the device user or an adversary has not modified or disabled the controls. It also greatly increases efficiency and manageability of devices in a large scale environment relative to an environment in which each device must be configured separately. \nThe warning banner must be displayed before or immediately after the user successfully unlocks the mobile device or unlocks a secure application where sensitive DoD data is stored: \"I've read & consent to terms in IS user agreem't.\" (Wording must be exactly as specified.)",
230
+ "severity": "medium"
231
+ },
232
+ {
233
+ "id": "V-48607",
234
+ "title": "The BlackBerry Device Service server must disable any mobile OS service that connects to a cloud storage server via centrally managed policy.",
235
+ "description": "Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not implemented, the system may be vulnerable to a variety of attacks. The use of an MDM allows an organization to assign values to security related parameters across all the devices it manages. This provides assurance that the required mobile OS security controls are being enforced, and that the device user or an adversary has not modified or disabled the controls. It also greatly increases efficiency and manageability of devices in a large scale environment relative to an environment in which each device must be configured separately.",
236
+ "severity": "high"
237
+ },
238
+ {
239
+ "id": "V-48609",
240
+ "title": "The BlackBerry Device Service server must direct all Work Space application traffic through the BlackBerry Device Service server via centrally managed policy.",
241
+ "description": "Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not implemented, the system may be vulnerable to a variety of attacks. The use of an MDM allows an organization to assign values to security related parameters across all the devices it manages. This provides assurance that the required mobile OS security controls are being enforced, and that the device user or an adversary has not modified or disabled the controls. It also greatly increases efficiency and manageability of devices in a large scale environment relative to an environment in which each device must be configured separately.",
242
+ "severity": "high"
243
+ },
244
+ {
245
+ "id": "V-48611",
246
+ "title": "The BlackBerry Device Service server must disallow Personal Space applications access to the Work Space network connection via centrally managed policy.",
247
+ "description": "Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not implemented, the system may be vulnerable to a variety of attacks. The use of an MDM allows an organization to assign values to security related parameters across all the devices it manages. This provides assurance that the required mobile OS security controls are being enforced, and that the device user or an adversary has not modified or disabled the controls. It also greatly increases efficiency and manageability of devices in a large scale environment relative to an environment in which each device must be configured separately.",
248
+ "severity": "medium"
249
+ },
250
+ {
251
+ "id": "V-48613",
252
+ "title": "The BlackBerry Device Service server must have the administrative functionality disallow hyperlinks within Work Space applications from opening within the Personal Space browser application via centrally managed policy.",
253
+ "description": "Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not implemented, the system may be vulnerable to a variety of attacks. The use of an MDM allows an organization to assign values to security related parameters across all the devices it manages. This provides assurance that the required mobile OS security controls are being enforced, and that the device user or an adversary has not modified or disabled the controls. It also greatly increases efficiency and manageability of devices in a large scale environment relative to an environment in which each device must be configured separately.",
254
+ "severity": "medium"
255
+ },
256
+ {
257
+ "id": "V-48617",
258
+ "title": "The BlackBerry Device Service server must disable any mobile OS service that connects to a cloud-based service via centrally managed policy.",
259
+ "description": "Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not implemented, the system may be vulnerable to a variety of attacks. The use of an MDM allows an organization to assign values to security related parameters across all the devices it manages. This provides assurance that the required mobile OS security controls are being enforced, and that the device user or an adversary has not modified or disabled the controls. It also greatly increases efficiency and manageability of devices in a large scale environment relative to an environment in which each device must be configured separately.",
260
+ "severity": "high"
261
+ }
262
+ ]
263
+ }