The organization must have a written policy or training materials stating Bluetooth must be disabled on all applicable devices unless they employ FIPS 140-2 validated cryptographic modules for data in transit.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| SRG-MPOL-014 | SRG-MPOL-014 | SRG-MPOL-014_rule | Low |
| Description |
|---|
| Policy and training provide assurance that security requirements will be implemented in practice. Failure to use FIPS 140-2 validated cryptography makes data more vulnerable to security breaches as the data is unencrypted and in clear text. |
| STIG | Date |
|---|---|
| Mobile Policy Security Requirements Guide | 2012-10-10 |
Details
| Check Text ( C-SRG-MPOL-014_chk ) |
|---|
| This check only applies to sites using Bluetooth or ZigBee radios. Verify a written policy or training materials exists stating that Bluetooth (or ZigBee) will be disabled on all applicable devices unless they employ FIPS 140-2 validated cryptographic modules for data in transit. If a policy does not exist or if it does not adequately cover the requirement, this is a finding. |
| Fix Text (F-SRG-MPOL-014_fix) |
|---|
| Ensure there is a policy or training materials prohibiting use of Bluetooth data transmission without FIPS 140-2 validated cryptographic modules. |