Samsung Android must be configured to disable all Bluetooth profiles except for HSP (Headset Profile), HFP (HandsFree Profile), SPP (Serial Port Profile), A2DP (Advanced Audio Distribution Profile), AVRCP (Audio/Video Remote Control Profile), and PBAP (Phone Book Access Profile).

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-231020	KNOX-11-002400	SV-231020r608683_rule		Low

Description
Some Bluetooth profiles provide the capability for remote transfer of sensitive DoD data without encryption or otherwise do not meet DoD IT security policies and therefore should be disabled. SFR ID: FMT_SMF_EXT.1.1 #18h

STIG	Date
Samsung Android 11 with Knox 3.x Legacy Security Technical Implementation Guide	2020-12-08

Details

Check Text ( C-33950r592674_chk )
Review Samsung Android configuration settings to determine if all Bluetooth profiles are disabled except for HSP, HFP, SPP, A2DP, AVRCP, and PBAP. This validation procedure is performed on both the management tool Administration Console and the Samsung Android device. On the management tool, in the device Bluetooth section, verify that only DoD-approved profile UUIDs are listed in the "Bluetooth UUID allowlist": HFP, HSP, SPP, A2DP, AVRCP, and PBAP. On the Samsung Android device: 1. Open Settings >> Connections >> Bluetooth. 2. Verify only Bluetooth devices that use DoD-approved profiles are listed. If on the management tool the "Bluetooth UUID allowlist" contains non-DoD-approved profile UUIDs, or on the Samsung Android device Bluetooth devices that use non-DoD-approved profiles are listed, this is a finding.

Check Text ( C-33950r592674_chk )

Review Samsung Android configuration settings to determine if all Bluetooth profiles are disabled except for HSP, HFP, SPP, A2DP, AVRCP, and PBAP.

This validation procedure is performed on both the management tool Administration Console and the Samsung Android device.

On the management tool, in the device Bluetooth section, verify that only DoD-approved profile UUIDs are listed in the "Bluetooth UUID allowlist": HFP, HSP, SPP, A2DP, AVRCP, and PBAP.

On the Samsung Android device:
1. Open Settings >> Connections >> Bluetooth.
2. Verify only Bluetooth devices that use DoD-approved profiles are listed.

If on the management tool the "Bluetooth UUID allowlist" contains non-DoD-approved profile UUIDs, or on the Samsung Android device Bluetooth devices that use non-DoD-approved profiles are listed, this is a finding.

Fix Text (F-33923r592675_fix)
Configure Samsung Android to disable all Bluetooth profiles except for HSP, HFP, SPP, A2DP, AVRCP, and PBAP. On the management tool, in the device Bluetooth section, add each DoD-approved profile UUID to the "Bluetooth UUID allowlist": HFP, HSP, SPP, A2DP, AVRCP, and PBAP.