BlackBerry devices must be protected by authenticated login procedures to unlock the device. Either CAC or Password authentication is required. The device password must not contain more than two sequential characters or more than two repeating characters.

From BlackBerry Enterprise Server (version 5.x), Part 3 Security Technical Implementation Guide

Part of Authenticated login procedures -12

Associated with IA controls: ECSC-1, IAIA-1

SV-49134r3_rule

Vulnerability discussion

Authenticated device unlock is a key security control for the BlackBerry system to restrict access to DoD data by unauthorized individuals. If the password complexity is not compliant, it may be possible for a hacker to guess the password.

Check content

This requirement can only be met via User Based Enforcement (UBE) at this time. Consult with the user to ensure there are no more than two sequential characters (for example, abc) or no more than two repeating characters (for example, 222) in the password. If the device password contains more than two sequential characters or more than two repeating characters, this is a finding.

Fix text

Configure the device password so that there are no more than two sequential characters or no more than two repeating characters.
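Since the check relies on User Based Enforcement, a user can test a candidate password locally against the rule's wording. The sketch below is an added example, not part of the STIG or of any BlackBerry tooling; the names `longest_runs` and `findings` are hypothetical, and treating case-insensitive and descending runs (such as `cba`) as sequential is an assumption, since the rule text only shows `abc` and `222`.

```python
import getpass

MAX_RUN = 2  # rule text: more than two sequential or repeating is a finding


def longest_runs(password, check_descending=True):
    """Return (longest_repeat, longest_sequence) run lengths in password.

    Assumptions: comparison is case-insensitive; only letter-letter or
    digit-digit neighbours form a sequence; descending runs count only
    when check_descending is True.
    """
    text = password.lower()
    best_rep = best_seq = 1 if text else 0
    rep = up = down = 1
    for prev, cur in zip(text, text[1:]):
        step = ord(cur) - ord(prev)
        same_class = (prev.isdigit() and cur.isdigit()) or (
            prev.isalpha() and cur.isalpha())
        rep = rep + 1 if step == 0 else 1
        up = up + 1 if step == 1 and same_class else 1
        down = down + 1 if (step == -1 and same_class
                            and check_descending) else 1
        best_rep = max(best_rep, rep)
        best_seq = max(best_seq, up, down)
    return best_rep, best_seq


def findings(password, check_descending=True):
    """List the rule violations for a password; empty list means none."""
    rep, seq = longest_runs(password, check_descending)
    out = []
    if rep > MAX_RUN:
        out.append(f"repeating run of {rep}")
    if seq > MAX_RUN:
        out.append(f"sequential run of {seq}")
    return out


if __name__ == "__main__":
    # Read without echo; the password itself is never printed or stored.
    result = findings(getpass.getpass("Candidate password: "))
    print("finding: " + "; ".join(result) if result else "no finding")
```

Run it on a machine the user controls; it only reports run lengths and does not evaluate any other password requirement.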
