1. Bla1ze's Avatar
    Although BlackBerry has yet to update the official changelog, they have updated the changes in security features.

    NIAP certification
    BlackBerry 10 OS version 10.3.3 is certified by NIAP (National Information Assurance Partnership) under the CCRA (Common Criteria Recognition Arrangement) for the Protection Profile for Mobile Device Fundamentals Version 2.0 and the Protection Profile for IPsec Virtual Private Network (VPN) Clients Version 1.4.

    These internationally recognized standards signify that BlackBerry 10 OS version 10.3.3 meets the highest levels of security.

    For more information about NIAP, visit https://www.niap-ccevs.org/.

    For more information about the Common Criteria, visit Common Criteria : New CC Portal.

    Anti-exploitation services

    When a device is running in NIAP mode, no page of physical memory can have simultaneous Write and Execute permissions.

    Cryptographic key zeroization

    When a device is running in NIAP mode, all plaintext secret and private cryptographic keys and critical security parameters are zeroized when they are no longer required.

    Bluetooth user authorization

    When a device is running in NIAP mode, the user is prompted to choose which profiles a paired Bluetooth device can connect to. This can help prevent unwanted data disclosure.

    Enhanced logging
    When a device is running in NIAP mode, administrators can collect information about the following activities from the device's logs:

    • Certification validation failures
    • TLS connection success and failure
    • Device wipe success and failure
    • Key generation failure
    • Randomization process failure
    • Encryption and decryption success and failure
    • Bluetooth authorization
    • User change password authentication
    • State of certification enrollment request
    • Change of setting
    • Initiation of software update
    • Unenrollment
    • Integrity violation
    • Attempt to connect to access point


    Certificate store

    Separate personal and enterprise certificate stores allow administrators to have full control over the root certificates trusted on the device without affecting the certificates in the user's personal space.

    Prevent user
    unenrollment

    Administrators can prevent a user from unenrolling from MDM controls so that a device remains under enterprise control at all times.

    This prevents users from wiping their devices to conduct illicit activities and then re-enrolling afterward.

    Suite B compliance

    When a device is running in NIAP mode, users can only initiate TLS sessions with certificates that conform to Suite B profile RFC 5759.

    CertMgr API

    Authorized partners can develop applications that take advantage of secure certificate storage on the device.

    ADARP performance improvements

    ADARP (advanced data at rest protection) performance is improved when a device is locked.

    Dual layer DAR encryption

    A third party DAR (data at rest) provider can be installed on the device to provide a second, independent layer of encryption.

    The DAR provider requires a signed system permission from BlackBerry and must be installed by a BES administrator.

    VPN enhancements

    VPN enhancements in this release include:

    • MOBIKE support for all enterprise VPNs
    • Event auditing
    • x.509v3 certificate support
    • Improved crypto signature and hashing


    "Allow microphone" IT policy rule

    For situations where a recording device is prohibited, turning off the "Allow microphone" IT policy rule prevents all applications from accessing the device microphone, including the Phone app.

    "Hotspot Browser timeout" IT policy rule

    The "Hotspot Browser timeout" IT policy rule lets administrators specify how long a hotspot browser connection will remain open without user login. When the specified time elapses, the connection is closed.
    http://help.blackberry.com/en/blackb...540073663.html
    12-27-16 06:49 PM
  2. thurask's Avatar
    So still irrelevant to 99% of end users.
    bibbula, Velocitymj and YeemanBB like this.
    12-27-16 06:56 PM
  3. Bla1ze's Avatar
    So still irrelevant to 99% of end users.
    Spot on ol' chap.
    bibbula and YeemanBB like this.
    12-27-16 06:59 PM
  4. bathu's Avatar
    How to run the device in NIAP mode?

    Posted via CB10
    StephanieMaks likes this.
    12-27-16 07:48 PM
  5. conite's Avatar
    How to run the device in NIAP mode?

    Posted via CB10
    It's not selectable. The OS is NIAP certified as it is.
    12-27-16 08:17 PM
  6. bathu's Avatar
    It's not selectable. The OS is NIAP certified as it is.
    Then what's that ' when a device is running in NIAP mode'?

    Posted via CB10
    12-27-16 08:30 PM
  7. conite's Avatar
    Then what's that ' when a device is running in NIAP mode'?

    Posted via CB10
    Boilerplate definition.
    12-27-16 08:34 PM
  8. joeldf's Avatar
    Then what's that ' when a device is running in NIAP mode'?

    Posted via CB10
    It has to be tied into a device management system like BES/Good, or whatever BlackBerry is calling the whole suite of solutions now. They announced something about it a few weeks back.

    Posted via CB10
    12-27-16 09:29 PM
  9. brookie229's Avatar
    I have an acronym migraine-
    12-27-16 09:50 PM
  10. akavbb's Avatar
    So still irrelevant to 99% of end users.
    So what?
    Koodos for releasing it.
    Even though it hasn't reached OTA all of us.
    I'll be waiting for a while and then I'll use one of the alternative methods.
    Thanks Blaize for sharing the information.


    Nothing like my SE.
    12-27-16 09:50 PM
  11. conite's Avatar
    It has to be tied into a device management system like BES/Good, or whatever BlackBerry is calling the whole suite of solutions now. They announced something about it a few weeks back.

    Posted via CB10
    That's not my understanding. 10.3.3 has been separately certified.
    akavbb likes this.
    12-27-16 10:07 PM
  12. joeldf's Avatar
    That's not my understanding. 10.3.3 has been separately certified.
    It's every note about "administrators" in the description that tells me there's another component needed - the "administrator". That's the MDM side.

    Posted via CB10
    12-28-16 12:05 PM
  13. conite's Avatar
    It's every note about "administrators" in the description that tells me there's another component needed - the "administrator". That's the MDM side.

    Posted via CB10
    An administrator can deploy devices without using an emm solution.
    12-28-16 12:12 PM
  14. Drenegade's Avatar
    So there must be organizations that have committed to BB10 somewhat long term that are taking advantage of these new features then?

    Posted via CB10
    12-28-16 12:18 PM
  15. hobgoblin1961's Avatar
    So there must be organizations that have committed to BB10 somewhat long term that are taking advantage of these new features then?

    Posted via CB10
    Yep bankster, governments, and other big business gangster as well as global dealers just to mention a few, but mostly circles who prefer to act in secret, Politician and other maniacs for instant afraid for any truth to be leaked to the public for a start.
    All this special security is not meant for commonly folks, they're tuned in on entertainment provided by Apple and Droid instead.

    Posted via -Passport -Classic / OS-10.3.++ is all you need
    Last edited by hobgoblin1961; 12-28-16 at 02:51 PM.
    matthewkuhl likes this.
    12-28-16 02:17 PM
  16. Dunt Dunt Dunt's Avatar
    So there must be organizations that have committed to BB10 somewhat long term that are taking advantage of these new features then?

    Posted via CB10
    Don't you feel sorry for anyone that in 2015 or 2016 talked their company into committing to BB10 "long term"....


    I expect if they asked for NIAP from BlackBerry almost 18 months ago... their plans have since changed.
    Lostboy5151 likes this.
    12-28-16 02:55 PM
  17. Rendergroup's Avatar
    VPN Enhancements.... but I still cannot connect to Hide.me VPN service :/

    Posted via CB10
    12-28-16 03:25 PM
  18. anon(9742832)'s Avatar
    Although BlackBerry has yet to update the official changelog, they have updated the changes in security features.



    What's new - New security features - latest
    Great update, thank you for posting the full release. I see multiple changes that would hose Link. For most people nothing new, but for some its a big step forward.
    12-28-16 04:56 PM
  19. StephanieMaks's Avatar
    "When a device is running in NIAP mode..." certainly makes it sound like there's another, non-NIAP mode that the device can be in.

    I think Joeldf is correct, to get the device in "NIAP mode" it probably has to be on an MDM in some way. Otherwise why would they state that disclaimer for all those security enhancments?

    If "NIAP mode" equals "10.3.3" then why not just say "When the device is running 10.3.3..." instead? Or just not put a disclaimer at all, like for the points that don't specifically mention "NIAP mode"?
    12-29-16 06:25 AM
  20. conite's Avatar

    If "NIAP mode" equals "10.3.3" then why not just say "When the device is running 10.3.3..." instead? Or just not put a disclaimer at all, like for the points that don't specifically mention "NIAP mode"?
    Because this boilerplate definition is used for all NIAP devices. Just my guess anyway. I'm not sure either.
    Lostboy5151 likes this.
    12-29-16 08:21 AM
  21. Lostboy5151's Avatar
    Because this boilerplate definition is used for all NIAP devices. Just my guess anyway. I'm not sure either.

    I feel much safer now!!
    12-29-16 05:46 PM
  22. anon(9742832)'s Avatar
    I feel much safer now!!
    SHOCKING !!!
    Lostboy5151 likes this.
    12-30-16 03:03 PM
  23. Lostboy5151's Avatar
    SHOCKING !!!
    I tend to have that effect on humans. (it's a gift!!)
    12-30-16 09:31 PM
  24. Lostboy5151's Avatar
    Don't you feel sorry for anyone that in 2015 or 2016 talked their company into committing to BB10 "long term"....
    I expect if they asked for NIAP from BlackBerry almost 18 months ago... their plans have since changed.
    Ya know, I have that (feeling sorry thingy) on my list of things to contemplate but it's W A Y down the list, so for now,
    my first thought would be " I couldn't care less" or more... which ever works better at not caring.

    But thanks for asking!!
    12-30-16 09:38 PM
  25. anon(9742832)'s Avatar
    I tend to have that effect on humans. (it's a gift!!)
    LOL !!!!
    Lostboy5151 likes this.
    12-31-16 11:24 AM

Similar Threads

  1. Win a free BlackBerry of your choice in our CrackBerry Santa Contest!!
    By CrackBerry News in forum CrackBerry.com News Discussion
    Replies: 4
    Last Post: 01-19-17, 03:08 PM
  2. BlackBerry Passport through the border
    By ryder55 in forum BlackBerry Passport
    Replies: 92
    Last Post: 01-11-17, 04:10 AM
  3. BlackBerry Ltd Progress
    By seko vimbelo in forum Ask a Question
    Replies: 4
    Last Post: 12-28-16, 04:42 PM
  4. Fixed bugs from 10.3.2
    By michaelgo101 in forum BlackBerry 10 OS
    Replies: 3
    Last Post: 12-27-16, 07:11 PM
  5. how do I move apps and info from an android device to a blackberry dtek50
    By CrackBerry Question in forum Ask a Question
    Replies: 2
    Last Post: 12-27-16, 03:35 PM
LINK TO POST COPIED TO CLIPBOARD