Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-26508 | WIR1045-01 | SV-33354r2_rule | ECSC-1 | Medium |
Description |
---|
Bluetooth usage could provide an attack vector for a hacker to connect to a BlackBerry device without the knowledge of the user. DoD data would then be vulnerable. |
STIG | Date |
---|---|
BlackBerry OS (version 5-7) Security Technical Implementation Guide | 2014-06-11 |
Check Text ( C-33857r2_chk ) |
---|
Detailed Policy Requirements: The following Bluetooth headset and handsfree devices are approved: Biometric Associates, LP (BAL) blueARMOR family of headsets (blueARMOR 100, blueARMOR 105, and blueARMOR 200) with firmware version 1.5.x. Check Procedures: For the BAL headset, the only way to verify the device model number and firmware version is to check the Bluetooth device name of a paired headset. Have the user pair the device to the BlackBerry, if not already paired. On the BlackBerry handheld, go to Options > Networks and Connections > Bluetooth Connections and check the list of paired devices. The device name should be in the form of baiMobileBA100 V1.5.0. The reviewer should check a sample of BlackBerry devices at the site (2-3) and verify compliance. Note: If the site uses the FIXMO Sentinel Enterprise integrity verification tool, checking BlackBerry handhelds is not required. Have the system administrator show that the Sentinel server is configured to audit paired Bluetooth devices on site managed BlackBerry handhelds. |
Fix Text (F-29526r1_fix) |
---|
Use only approved Bluetooth headset and handsfree devices. |