The organization concept of operations (CONOPS) or site security plan must include information that Bluetooth devices use only Class 2 or 3 standard radios.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-35929	SRG-MPOL-011	SV-47245r1_rule		Low

Description
A key security control for DoD Bluetooth devices is to limit the broadcast area of the Bluetooth signal to the personal area of the user (approximately 30 feet or less). Class 1 radios broadcast at a higher power and are more vulnerable than Class 2 or 3 radios. The Class 1 radio signal is broadcast much farther; therefore, an adversary can be much farther away to intercept or monitor the transmission. Class 3 radios – have a range of up to 1 meter or 3 feet. Class 2 radios – most commonly found in mobile devices – have a range of 10 meters or 33 feet. Class 1 radios – used primarily in industrial use cases – have a range of 100 meters or 300 feet.

Description

A key security control for DoD Bluetooth devices is to limit the broadcast area of the Bluetooth signal to the personal area of the user (approximately 30 feet or less). Class 1 radios broadcast at a higher power and are more vulnerable than Class 2 or 3 radios. The Class 1 radio signal is broadcast much farther; therefore, an adversary can be much farther away to intercept or monitor the transmission. Class 3 radios – have a range of up to 1 meter or 3 feet. Class 2 radios – most commonly found in mobile devices – have a range of 10 meters or 33 feet. Class 1 radios – used primarily in industrial use cases – have a range of 100 meters or 300 feet.

STIG	Date
Mobile Policy Security Requirements Guide	2013-07-03

Details

Check Text ( C-44166r2_chk )
Review the CONOPS or site security plan on the use of Bluetooth devices and determine what class of radio is allowed for use. If Class 1 radios are allowed for use in Bluetooth devices, this is a finding.

Fix Text (F-40453r1_fix)
Update policy to include Bluetooth devices must use only Class 2 or 3 standard radios.