The organization must not use wireless personal area network devices and near field communications (NFC), such as Bluetooth and ZigBee, to send, receive, store, or process classified information.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| SRG-MPOL-067 | SRG-MPOL-067 | SRG-MPOL-067_rule | High |
| Description |
|---|
| Classified data could be compromised since wireless personal area network and near field communications devices, such as Bluetooth and ZigBee, do not meet DoD encryption requirements for classified data. |
| STIG | Date |
|---|---|
| Mobile Policy Security Requirements Guide | 2012-10-10 |
Details
| Check Text ( C-SRG-MPOL-067_chk ) |
|---|
| Verify compliance by reviewing the user agreement or security briefing to ensure personnel have been properly instructed on the policy that states that wireless personal area network (PAN) devices such as Bluetooth and ZigBee cannot be used for, or around classified processing. If the user agreement or security briefing does not exist, this is a finding. Note: The check applies to Wireless USB (WUSB) devices; however, it does not apply to wireless email devices (BlackBerry, Windows Mobile, etc.). Review the appropriate wireless email device security requirements for Bluetooth on these devices. |
| Fix Text (F-SRG-MPOL-067_fix) |
|---|
| Ensure a policy exists and is disseminated on the forbiddance of using wireless personal area network and near field communication devices, such as Bluetooth (and ZigBee), for classified processing. |