The organization must only use Class 2 or 3 radios when employing Bluetooth communications.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
SRG-MPOL-006	SRG-MPOL-006	SRG-MPOL-006_rule		Low

Description
A key security control for DoD Bluetooth devices is to limit the broadcast area of the Bluetooth signal to the personal area of the user (approximately 30 feet or less). Class 1 radios broadcast at a higher power and are inherently more vulnerable than Class 2 or 3 radios. The Class 1 radio signal is broadcast much farther; therefore, an adversary can be much farther away to intercept or monitor the transmission.

Description

A key security control for DoD Bluetooth devices is to limit the broadcast area of the Bluetooth signal to the personal area of the user (approximately 30 feet or less). Class 1 radios broadcast at a higher power and are inherently more vulnerable than Class 2 or 3 radios. The Class 1 radio signal is broadcast much farther; therefore, an adversary can be much farther away to intercept or monitor the transmission.

STIG	Date
Mobile Policy Security Requirements Guide	2012-10-10

Details

Check Text ( C-SRG-MPOL-006_chk )
Review the concept of operations or security policy on the use of Bluetooth devices and determine what class of radio is being utilized. If a Class 1 radio is utilized in Bluetooth devices, this is a finding.

Fix Text (F-SRG-MPOL-006_fix)
Ensure Bluetooth devices use only Class 2 or 3 standard radios.