Rule ID
SV-50554r1_rule
Version
V1R2
CCIs
CCI-001159
If unauthorized device authentication certificates are installed on the device, there is the potential that the device may connect to a rogue device or network. Rogue devices can mimic the behavior of authorized equipment to trick the user into providing authentication credentials, which could then in turn be used to compromise DoD information and networks. Restricting device authentication certificates to an authorized list mitigates the risk of attaching to rogue devices and networks.
Navigate to "Options -> Security -> Certificates". Select each certificate listed under "All Certificates". In "Certificate Details", ensure "Issued By" states an appropriate DoD certificate authority, or that the certificate itself has been approved by DoD. Otherwise, this is a finding.
On the BlackBerry Device Service Server: Remove the corresponding .pem file from the <drive>:\<shared_network_folder>\Shared\Certificates\<ENTERPRISE/VPN/WIFI/www> folder.