Free DISA STIG and SRG Library | Vaulted

V-11870

Onset Technologies METAmessage software must not be installed on DoD BlackBerry devices or on the BES.

Finding ID
WIR1050-01
Rule ID
SV-12370r3_rule
Severity
Cat I
CCE
(None)
Group Title
METAmessage not installed on BlackBerry device
CCI
(None)
Target Key
(None)
Documentable
No
Discussion

Onset Technologies METAmessage software is production software which may introduce a virus or other malicious code on the system. This software is not approved for use on DoD systems.

Fix Text

Remove Onset Technologies METAmessage software installed on DoD BlackBerry devices or on the BES.

Check Content

Perform the following procedures on the BES and a sample of BlackBerry devices (use 2-3 devices for a random sample) as appropriate. Check a sample of BlackBerry devices (Settings >> Options >> Advanced Options >> Applications) to ensure the METAmessage application is not loaded on the BlackBerry device. On the BES, have the BlackBerry Administrator show that the BES Application White List does not contain the application. This review should be performed at the same time checks WIR1310-01, WIR1310-02, and WIR1310-03 are reviewed so work is not duplicated. View the list of applications assigned to 3-4 samples Application White List software configurations assigned to users. Verify METAmessage is not listed. The METAmessage application allows the user to open and create Microsoft Office files, such as MS Word or Excel attachments or documents. These documents can then be sent via email, saved, or printed. This application presents a security risk and is not allowed for use in DoD. Verify this software application is not used by interviewing the ISSO or reviewing a sampling of the devices.

Responsibility

System Administrator

IA Controls

ECWN-1