The organization must have a written policy or training materials stating Bluetooth must be disabled on all applicable devices unless they employ FIPS 140-2 validated cryptographic modules for data in transit.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-35937 | SRG-MPOL-019 | SV-47253r1_rule | Low |
| Description |
|---|
| Policy and training provide assurance that security requirements will be implemented in practice. Failure to use FIPS 140-2 validated cryptography makes data more vulnerable to security breaches as the data is unencrypted and in clear text. |
| STIG | Date |
|---|---|
| Mobile Policy Security Requirements Guide | 2013-07-03 |
Details
| Check Text ( C-44174r1_chk ) |
|---|
| This check only applies to sites using Bluetooth or ZigBee radios. Verify a written policy or training materials exists stating that Bluetooth (or ZigBee) will be disabled on all applicable devices unless they employ FIPS 140-2 validated cryptographic modules for data in transit. If a policy does not exist or if it does not adequately cover the requirement, this is a finding. |
| Fix Text (F-40462r1_fix) |
|---|
| Update the policy or training materials to prohibit use of Bluetooth data transmission without FIPS 140-2 validated cryptographic modules. |