UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The site must have a written policy or training materials stating Bluetooth must be disabled on all applicable devices unless they employ FIPS 140-2 validated cryptographic modules for data-in-transit.


Overview

Finding ID Version Rule ID IA Controls Severity
V-30360 WIR0401 SV-40017r1_rule ECCT-1 Low
Description
Policy and training provide assurance that security requirements will be implemented in practice. Failure to use FIPS 140-2 validated cryptography makes data more vulnerable to security breaches.
STIG Date
Bluetooth/Zigbee Security Technical Implementation Guide (STIG) 2014-03-18

Details

Check Text ( C-39030r1_chk )
NOTE: this check only applies to sites using Bluetooth or Zigbee radios.

Interview the IAO and verify a written policy or training materials exists stating that Bluetooth (or Zigbee) will be disabled on all applicable devices unless they employ FIPS 140-2 validated cryptographic modules for data-in-transit.
Mark as a finding if policy does not exist or if it does not adequately cover the requirement.
Fix Text (F-34126r1_fix)
The IAO will ensure there is a policy or training materials prohibiting use of Bluetooth data transmission without FIPS 140-2 validated cryptographic modules.