The mobile operating systems Bluetooth stack must use 128-bit Bluetooth encryption when performing data communications with other Bluetooth devices.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-33140 | SRG-OS-000160-MOS-000081 | SV-43538r1_rule | Medium |
| Description |
|---|
| If data traffic is sent unencrypted, an adversary may be able to read it to obtain sensitive information. 128-bit Bluetooth encryption for data communications mitigates the risk of unauthorized eavesdropping. DoD has determined that FIPS 140-2 validated encryption is not required for voice communications. |
| STIG | Date |
|---|---|
| Mobile Operating System Security Requirements Guide | 2013-07-03 |
Details
| Check Text ( C-41399r1_chk ) |
|---|
| Review system documentation and operating system configuration to verify the device's Bluetooth stack supports 128-bit Bluetooth encryption and uses it for all data connections. If the Bluetooth module does not support 128-bit Bluetooth encryption or does not use it when connecting with other devices for data communications, this is a finding. |
| Fix Text (F-37040r1_fix) |
|---|
| Configure the mobile operating system's Bluetooth stack to use 128-bit encryption. |