Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-19311 | WIR1040-03 | SV-21228r2_rule | ECSC-1 | Medium |
Description |
---|
Non-secure Bluetooth configuration on the PC could make it vulnerable to compromise via a Bluetooth attack. |
STIG | Date |
---|---|
BlackBerry OS (version 5-7) Security Technical Implementation Guide | 2014-06-11 |
Check Text ( C-23355r2_chk ) |
---|
Detailed Policy Requirements: When the BlackBerry Bluetooth Smart Card Reader (SCR) is used as a PC SCR, the following requirements must be followed: - At the time of the publication of this document, the use of the BlackBerry SCR for authentication with PCs is only authorized with PCs that have Microsoft Windows XP. The Microsoft Vista and Windows 7 Bluetooth stack has not yet been tested with the BlackBerry SCR to determine if Bluetooth device pairing can be done in a secure manner and meets DoD security requirements. Check Procedures: Perform the following checks on site PCs used with the BlackBerry Bluetooth SCR: - Interview the IAO and SA and verify the BlackBerry SCR is not used with Windows Vista and Windows 7. BlackBerry users with Vista or Windows 7 on their PCs must be put in the BlackBerry users group not authorized to use the BlackBerry SCR with their PCs. |
Fix Text (F-23344r1_fix) |
---|
BlackBerry Bluetooth SCR use with site PCs must be compliant with requirements. |