BES Bluetooth controls are compliant with requirements. IT Policy rule “Disable Bluetooth” (Bluetooth policy group) will be set as required.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-14198 | WIR1405-01 | SV-14809r10_rule | ECSC-1 | Medium |
| Description |
|---|
| Bluetooth usage could provide an attack vector for a hacker to connect to a BlackBerry device without the knowledge of the user. DoD data would then be vulnerable. |
| STIG | Date |
|---|---|
| BlackBerry Enterprise Server, Part 3 Security Technical Implementation Guide | 2011-04-11 |
Details
| Check Text ( C-14984r5_chk ) |
|---|
| Detailed Policy Requirements: DoD BlackBerry users must apply the following Bluetooth controls: - Bluetooth data transmissions, such as syncing to the desktop or transfer of data files, on wireless email devices are disabled except for the Bluetooth CAC reader (i.e., Bluetooth SmartCard Reader [SCR]). - Bluetooth for voice transmissions, such as the Bluetooth headset, is not authorized. Both the Bluetooth Handsfree and Headset profiles must be disabled. ***** For this check, set IT Policy rule “Disable Bluetooth” (Bluetooth policy group) to “Yes”/ “TRUE” or “No”/“FALSE”, depending on if the Bluetooth Smart Card Reader (SCR) is used at the site. Check Procedures: This is a BES IT Policy check. Recommend that all checks related to BES IT policies be reviewed using the procedure in Check WIR1400-01 (V0003545). *****Verify IT Policy rule “Disable Bluetooth” (Bluetooth policy group) is set as required. |
| Fix Text (F-23386r1_fix) |
|---|
| Configure the IT Policy rule as specified in the "Checks" block. |