Samsung Android must be configured to disable all Bluetooth profiles except for HSP (Headset Profile), HFP (HandsFree Profile), SPP (Serial Port Profile), A2DP (Advanced Audio Distribution Profile), AVRCP (Audio/Video Remote Control Profile), and PBAP (Phone Book Access Profile).


Overview

Finding ID: V-230980
Version: KNOX-11-002300
Rule ID: SV-230980r607691_rule
IA Controls: (none)
Severity: Low
Description
Some Bluetooth profiles provide the capability for remote transfer of sensitive DoD data without encryption or otherwise do not meet DoD IT security policies and therefore should be disabled.

SFR ID: FMT_SMF_EXT.1.1 #18h
STIG: Samsung Android 11 with Knox 3.x AE Security Technical Implementation Guide
Date: 2020-12-08

Details

Check Text (C-33910r592432_chk)
Review Samsung Android configuration settings to determine if all Bluetooth profiles are disabled except for HSP, HFP, SPP, A2DP, AVRCP, and PBAP.

This validation procedure is performed on both the management tool Administration Console and the Samsung Android device.

On the management tool, in the device Bluetooth section, verify that only DoD-approved profile UUIDs are listed in the "Bluetooth UUID allowlist": HFP, HSP, SPP, A2DP, AVRCP, and PBAP.

On the Samsung Android device:
1. Open Settings >> Connections >> Bluetooth.
2. Verify only Bluetooth devices that use DoD-approved profiles are listed.

If on the management tool the "Bluetooth UUID allowlist" contains non-DoD-approved profile UUIDs, or on the Samsung Android device Bluetooth devices that use non-DoD-approved profiles are listed, this is a finding.
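
The management-tool half of this check can be scripted. The following is an added example, not part of the STIG or of any management tool: it assumes the "Bluetooth UUID allowlist" has been exported as a list of strings, and it assumes the Bluetooth SIG service-class UUIDs shown are the ones that represent each approved profile (the STIG names profiles only, not UUIDs).

```python
import uuid

# Bluetooth SIG base UUID: a 16-bit assigned number sits in bits 96..111.
BASE_INT = uuid.UUID("00000000-0000-1000-8000-00805f9b34fb").int
LOW96 = (1 << 96) - 1

# Assumption: SIG service-class numbers taken to represent the approved profiles.
APPROVED = {
    0x1101: "SPP",
    0x1108: "HSP", 0x1112: "HSP audio gateway",
    0x111E: "HFP", 0x111F: "HFP audio gateway",
    0x110A: "A2DP source", 0x110B: "A2DP sink", 0x110D: "A2DP",
    0x110C: "AVRCP target", 0x110E: "AVRCP", 0x110F: "AVRCP controller",
    0x112E: "PBAP client", 0x112F: "PBAP server", 0x1130: "PBAP",
}

def to_short(entry):
    """Reduce a 16-, 32- or 128-bit UUID string to its 16-bit number.
    Returns None for vendor UUIDs; raises ValueError if unparseable."""
    text = entry.strip().lower().removeprefix("0x")
    if len(text) in (4, 8):
        value = int(text, 16)
    else:
        full = uuid.UUID(text).int
        if full & LOW96 != BASE_INT & LOW96:
            return None  # not derived from the SIG base UUID
        value = full >> 96
    return value if value <= 0xFFFF else None

def audit(allowlist):
    """Return (entry, reason) for every allowlist entry that is a finding."""
    findings = []
    for entry in allowlist:
        try:
            short = to_short(entry)
        except ValueError:
            findings.append((entry, "unparseable"))
            continue
        if short not in APPROVED:
            findings.append((entry, "not a DoD-approved profile"))
    return findings

# Constructed sample export: three approved entries, then OBEX Object Push
# (0x1105), PAN NAP (0x1116) and a malformed value.
SAMPLE = ["0x1101", "0000111e-0000-1000-8000-00805f9b34fb", "110B",
          "00001105-0000-1000-8000-00805F9B34FB", "1116", "not-a-uuid"]

if __name__ == "__main__":
    for entry, reason in audit(SAMPLE):
        print(f"FINDING: {entry}: {reason}")
```

An empty result means the allowlist passes the management-tool portion of the check; the on-device review of listed Bluetooth devices is still required.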
Fix Text (F-33883r592433_fix)
Configure Samsung Android to disable all Bluetooth profiles except for HSP, HFP, SPP, A2DP, AVRCP, and PBAP.

On the management tool, in the device Bluetooth section, add each DoD-approved profile UUID to the "Bluetooth UUID allowlist": HFP, HSP, SPP, A2DP, AVRCP, and PBAP.