UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The organization must use FIPS 140-2 validated cryptographic modules for transmitting unclassified DoD data in transit on Bluetooth (or ZigBee) devices.


Overview

Finding ID Version Rule ID IA Controls Severity
SRG-MPOL-008 SRG-MPOL-008 SRG-MPOL-008_rule Medium
Description
FIPS validation provides assurance that the cryptographic modules are implemented correctly and resistant to compromise. Failure to use FIPS 140-2 validated cryptographic modules makes it more likely that sensitive DoD data will be exposed to unauthorized individuals.
STIG Date
Mobile Policy Security Requirements Guide 2012-10-10

Details

Check Text ( C-SRG-MPOL-008_chk )
If the site uses Bluetooth (or ZigBee) for data or voice communications, check a sample (3-4) of Bluetooth (or ZigBee) enabled devices and note their make and model. Examine the associated product documentation to determine if the devices employ FIPS 140-2 validated cryptographic modules for data in transit, to include digital voice communications. This should be accomplished by reviewing the relevant FIPS certificate in the product documentation or the NIST web site.

If any Bluetooth (or ZigBee) device does not have a FIPS 140-2 validated cryptographic module supporting encryption of data in transit, this is a finding.

Note: This check also applies to Bluetooth voice and wireless USB (WUSB) devices. However, this check does not apply to ZigBee telemetry sensor data or other ZigBee data where the IAO has determined the data is not sensitive.
Fix Text (F-SRG-MPOL-008_fix)
Disable Bluetooth or utilize only those Bluetooth devices that employ FIPS 140-2 validated cryptographic modules for data in transit.