UCF STIG Viewer Logo

The mobile operating systems Bluetooth module must support the capability for a system administrator to create a non-user-modifiable white list of Bluetooth devices that are authorized to pair to the mobile device.


Overview

Finding ID Version Rule ID IA Controls Severity
V-33779 SRG-OS-000147-MOS-000078 SV-44204r1_rule Low
Description
If a rogue device can connect to the mobile device, there is the potential for the rogue device to obtain sensitive information. One mechanism for preventing this occurrence is to enforce a white list of devices that are permitted to pair to the mobile device. Devices not on the white list will not be able to pair with the mobile device and therefore cannot communicate with it or obtain sensitive information from it.
STIG Date
Mobile Operating System Security Requirements Guide 2013-07-03

Details

Check Text ( C-41836r1_chk )
Examine the operating system configuration to verify the presence of a white list of Bluetooth devices authorized to pair to the mobile device. If the operating system does not support this functionality, this is a finding. If the operating system supports the white list functionality, attempt to pair a test Bluetooth device not on the white list with the mobile device. If it successfully pairs, this is a finding.
Fix Text (F-37678r1_fix)
Configure the mobile operating system's Bluetooth module to support the capability for a system administrator to create a non-user-modifiable white list of Bluetooth devices that are authorized to pair to the mobile device.