UCF STIG Viewer Logo

Google Android 12 must be configured to disable Bluetooth or configured via User Based Enforcement (UBE) to allow Bluetooth for only Headset Profile (HSP), Hands-Free Profile (HFP), and Serial Port Profile (SPP).


Overview

Finding ID Version Rule ID IA Controls Severity
V-250437 GOOG-12-009400 SV-250437r802675_rule Low
Description
Some Bluetooth profiles provide the capability for remote transfer of sensitive DoD data without encryption or otherwise do not meet DoD IT security policies and therefore must be disabled. SFR ID: FMT_SMF_EXT.1.1/BLUETOOTH BT-8
STIG Date
Google Android 12 COPE Security Technical Implementation Guide 2021-09-17

Details

Check Text ( C-53872r802673_chk )
Determine if the AO has approved the use of Bluetooth at the site.

If the AO has not approved the use of Bluetooth, verify Bluetooth has been disabled.

On the EMM console:

COBO:

1. Open "User restrictions" section.
2. Verify that "Disallow Bluetooth" is toggled to ON.

COPE:

1. Open "User restrictions on parent" section.
2. Verify that "Disallow Bluetooth" is toggled to ON.

On the managed Google Android 12 device:

COBO and COPE:

1. Go to Settings >> Connected Devices >> Connection Preferences >> Bluetooth.
2. Verify that "Use Bluetooth" is set to OFF and cannot be toggled to ON.

If the AO has approved the use of Bluetooth, on the managed Android 12 device:

1. Go to Settings >> Connected Devices.
2. Verify only approved Bluetooth connected devices using approved profiles are listed.

If the AO has not approved the use of Bluetooth, and Bluetooth use is not disabled via an EMM-managed device policy, this is a finding.

If the AO has approved the use of Bluetooth, and Bluetooth devices using unauthorized Bluetooth profiles are listed on the device under "Connected devices", this is a finding.
Fix Text (F-53826r802674_fix)
Configure the Google Android 12 device to disable Bluetooth or if the AO has approved the use of Bluetooth (for example, for car hands-free use), train the user to connect to Only authorized Bluetooth devices using only HSP, HFP, or SPP Bluetooth capable devices (UBE).

To disable Bluetooth use the following procedure:

On the EMM Console:

COBO:

1. Open "User restrictions" section.
2. Toggle "Disallow Bluetooth" to ON.

COPE:

1. Open "User restrictions on parent" section.
2. Toggle "Disallow Bluetooth" to ON.

The user training requirement is satisfied in requirement GOOG-12-009800.