UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The cryptographic module supporting Bluetooth data communications must be FIPS 140-2 validated.


Overview

Finding ID Version Rule ID IA Controls Severity
V-33157 SRG-OS-000170-MOS-000093 SV-43555r1_rule Medium
Description
The most common vulnerabilities with cryptographic modules are those associated with poor implementation. FIPS 140 validation provides assurance that the relevant cryptography has been implemented correctly. FIPS validation is also a strict requirement for use of cryptography in the Federal Government. Note: Bluetooth standards are being revised to specify cryptographic algorithms for which it is possible to obtain FIPS 140-2 validation for implementations of those algorithms. However, mobile devices are currently required to use Bluetooth modules that are FIPS 140-2 validated.
STIG Date
Mobile Operating System Security Requirements Guide 2013-07-03

Details

Check Text ( C-41417r1_chk )
Review system documentation to identify the FIPS 140-2 certificate for the cryptographic module. Visit the NIST web site http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm to verify the certificate is still valid. If the module is not currently FIPS validated, this is a finding. If the cryptographic module is not operating in FIPS mode, this is a finding.
Fix Text (F-37057r1_fix)
Configure the mobile operating system's cryptographic module supporting Bluetooth data communications to be FIPS 140-2 validated.