The site must have a written policy or training materials stating Bluetooth must be disabled on all applicable devices unless they employ FIPS 140-2 validated cryptographic modules for data-in-transit.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-30360	WIR0401	SV-40017r1_rule	ECCT-1	Low

Description
Policy and training provide assurance that security requirements will be implemented in practice. Failure to use FIPS 140-2 validated cryptography makes data more vulnerable to security breaches.

STIG	Date
Bluetooth/Zigbee Security Technical Implementation Guide (STIG)	2014-03-18

Details

Check Text ( C-39030r1_chk )
NOTE: this check only applies to sites using Bluetooth or Zigbee radios. Interview the IAO and verify a written policy or training materials exists stating that Bluetooth (or Zigbee) will be disabled on all applicable devices unless they employ FIPS 140-2 validated cryptographic modules for data-in-transit. Mark as a finding if policy does not exist or if it does not adequately cover the requirement.

Check Text ( C-39030r1_chk )

NOTE: this check only applies to sites using Bluetooth or Zigbee radios.

Interview the IAO and verify a written policy or training materials exists stating that Bluetooth (or Zigbee) will be disabled on all applicable devices unless they employ FIPS 140-2 validated cryptographic modules for data-in-transit.
Mark as a finding if policy does not exist or if it does not adequately cover the requirement.

Fix Text (F-34126r1_fix)
The IAO will ensure there is a policy or training materials prohibiting use of Bluetooth data transmission without FIPS 140-2 validated cryptographic modules.