Rule ID
SV-50543r1_rule
Version
V1R2
CCIs
Permitting mobile service carriers access to the mobile operating system leaves the device vulnerable to breach from rogue elements within the carrier infrastructure. Mobile service carriers are not subject to the same personnel, operational, and technical controls as DoD organizations. For example, its employees in most cases do not have active DoD clearances. When a mobile service carrier must update software or configuration on a mobile device, these updates must come from a DoD approved source, which in many cases is the vendor of the MOS software. Preventing mobile service carrier access to mobile operating systems greatly mitigates the risk associated with this vulnerability. Research In Motion does not pre-install any software that would allow carriers to access or manipulate a BlackBerry device. As well, all applications available through App World are tested and monitored for malicious code, and applications must be signed by RIM to allow them to be installed on a BlackBerry Device, and these applications and their permissions must be acknowledged by the user or system administrator before they can be installed.
Navigate to "Options -> Security -> Application Permissions" and select each application listed, and ensure only DoD authorized permissions (Files, GPS Location, Camera, etc.) for this application is set to "Allowed" or "Prompt", with non-authorized permissions set to "Denied". Otherwise, this is a finding.
Navigate to "Options -> Security -> Application Permissions" and select each application listed, and set only DoD authorized permissions (Files, GPS Location, Camera, etc.) for this application to "Allowed" or "Prompt", with non-authorized permissions set to "Denied".