Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The mobile device Bluetooth radio must only connect to authorized Bluetooth peripherals.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-25019 | WIR-MOS-iOS-040-01 | SV-34930r3_rule | ECWN-1 | Medium |
| Description |
|---|
| The Bluetooth radio can be used by a hacker to connect to the iOS device without the knowledge of the user. Sensitive DoD data could be exposed and the hacker could use the device to attack the enclave. |
| STIG | Date |
|---|---|
| Apple iOS 6 Security Technical Implementation Guide (STIG) | 2013-05-23 |
Details
| Check Text ( C-31220r5_chk ) |
|---|
| The list of Bluetooth devices the iOS device has connected to should only contain authorized smart card readers (SCR) and headsets. Currently, only Bluetooth SCRs and headsets manufactured by Biometric Associates (BAI) have been approved. On a sample of site-managed iOS devices (pick 3-4 random devices), verify the iOS device has only been connected to authorized Bluetooth peripherals. -Have the user log into the device. -Go to Settings > Bluetooth. -Verify only approved devices are listed under “Devices”. Mark as a finding if unauthorized peripherals have been connected to the iOS device. |
| Fix Text (F-27690r3_fix) |
|---|
| Train the user to not connect the iOS device to unauthorized Bluetooth peripherals. |