Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-19313 | WIR1040-05 | SV-21230r2_rule | ECSC-1 | Low |
Description |
---|
Non-secure Bluetooth configuration on the PC could make it vulnerable to compromise via a Bluetooth attack. |
STIG | Date |
---|---|
BlackBerry OS (version 5-7) Security Technical Implementation Guide | 2014-06-11 |
Check Text ( C-23357r2_chk ) |
---|
Detailed Policy Requirements: When the BlackBerry Bluetooth Smart Card Reader (SCR) is used as a PC SCR, the following requirements must be followed: - Bluetooth radios installed in site PCs must be Class 2 or 3. Class 1 (100 mW) Bluetooth radios are not allowed. Note for IAOs: To determine the “class” rating of the Bluetooth radio, look under the specification section of the Bluetooth Network Interface Card manual, which can be downloaded from the laptop vendor’s web site or the Bluetooth dongle vendor’s web site. Nearly all internal laptop Bluetooth radios are Class 2 or 3, and many Bluetooth dongle radios are Class 1. Check Procedures: Perform the following checks on site PCs used with the BlackBerry Bluetooth SCR: - Interview the IAO to verify only Bluetooth Class 2 or 3 radios are used in site PCs. Have the IAO or site BlackBerry Administrator show for a sample of PCs the Bluetooth radio is not a Class 1 radio by providing a copy of the Bluetooth radio specification sheet. |
Fix Text (F-23344r1_fix) |
---|
BlackBerry Bluetooth SCR use with site PCs must be compliant with requirements. |