The Navy has implemented tougher security settings for BlackBerry devices used by naval personnel. Administrators for the Navy-Marine Corps Intranet activated the new settings Oct. 17 for the Navy and Oct. 23 for the Marine Corps.
The Office of the Department of the Navy’s Chief Information Officer based its strengthened security configuration on Wireless Security Technical Implementation Guide (STIG) BlackBerry Security Checklist v5, Release 1.2, published May 23 by the Defense Information Systems Agency, and on additional guidance from the Marine Corps and Navy Designated Approving Authority. The new settings work with readers used to access the Navy-Marine Corps Intranet with Common Access Cards, according to the CIO’s office.
The changes to the Navy’s BlackBerry security settings were implemented to protect the devices against unauthorized access and to turn off features that potentially compromised their security. Users received a message on their devices that the new settings had taken effect, and that users did not have to change the settings because the Navy would automatically reset the security settings of all of its devices through updates on the Navy’s BlackBerry Enterprise Server.
The devices will still require a five-character password, incorporating at least one alpha and one numeric character, which users must change every 90 days.
The new settings disabled features and services, including instant messaging services, unencrypted peer-to-peer (PIN-to-PIN) messaging services, the Blackberry Instant Messenger tool, the Global Positioning System tracking feature and the Application Loader and third-party application download capability.
In addition, the Navy strengthened the lock-and-erase feature on the devices so that after five unsuccessful log-in attempts they will enter lock mode and erase all locally stored data. Once a device is locked, its owner will have to contact the Navy’s service desk to access the device and reset its password. While the devices are locked, users will be allowed to make and receive phone calls, although access to the devices’ stored phone book will be blocked.
Also, the increased security settings will turn off the devices’ antennae while they are connected to a desktop computer via a USB cable to disable phone and e-mail communications. While the devices are connected all phone calls will go directly to a user’s voice mail, and all pending e-mails will be delivered after the device is disconnected.