UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The organization must not use wireless personal area network devices and near field communications (NFC), such as Bluetooth and ZigBee, to send, receive, store, or process classified information.


Overview

Finding ID Version Rule ID IA Controls Severity
SRG-MPOL-067 SRG-MPOL-067 SRG-MPOL-067_rule High
Description
Classified data could be compromised since wireless personal area network and near field communications devices, such as Bluetooth and ZigBee, do not meet DoD encryption requirements for classified data.
STIG Date
Mobile Policy Security Requirements Guide 2012-10-10

Details

Check Text ( C-SRG-MPOL-067_chk )
Verify compliance by reviewing the user agreement or security briefing to ensure personnel have been properly instructed on the policy that states that wireless personal area network (PAN) devices such as Bluetooth and ZigBee cannot be used for, or around classified processing. If the user agreement or security briefing does not exist, this is a finding.

Note: The check applies to Wireless USB (WUSB) devices; however, it
does not apply to wireless email devices (BlackBerry, Windows Mobile, etc.). Review the appropriate wireless email device security requirements for Bluetooth on these devices.
Fix Text (F-SRG-MPOL-067_fix)
Ensure a policy exists and is disseminated on the forbiddance of using wireless personal area network and near field communication devices, such as Bluetooth (and ZigBee), for classified processing.