Samsung Android must be configured to disable all Bluetooth profiles except for HSP (Headset Profile), HFP (Hands-Free Profile), SPP (Serial Port Profile), A2DP (Advanced Audio Distribution Profile), AVRCP (Audio/Video Remote Control Profile), and PBAP (Phone Book Access Profile).

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-258637	KNOX-14-110120	SV-258637r931111_rule		Low

Description
Some Bluetooth profiles provide the capability for remote transfer of sensitive DOD data without encryption or otherwise do not meet DOD IT security policies and therefore must be disabled. SFR ID: FMT_SMF_EXT.1.1/BLUETOOTH BT-8

STIG	Date
Samsung Android OS 14 with Knox 3.x COBO Security Technical Implementation Guide	2023-10-18

Details

Check Text ( C-62377r931109_chk )
Review the Samsung documentation and inspect the configuration to verify the Samsung Android devices are paired only with devices that support HSP, HFP, SPP, A2DP, AVRCP, and PBAP Bluetooth profiles. This validation procedure is performed on both the management tool and the Samsung Android device. On the management tool, in the device restrictions section, verify "Bluetooth" is set to the AO-approved selection: "Allow" if the AO has approved the use of Bluetooth or "Disallow" if the AO has not approved its use. On the Samsung Android device: 1. Open Settings >> Connections >> Bluetooth. 2. Verify all listed paired Bluetooth devices use only authorized Bluetooth profiles. If on the management tool "Bluetooth" is not set to the AO-approved value, or the Samsung Android device is paired with a device that uses unauthorized Bluetooth profiles, this is a finding.

Check Text ( C-62377r931109_chk )

Review the Samsung documentation and inspect the configuration to verify the Samsung Android devices are paired only with devices that support HSP, HFP, SPP, A2DP, AVRCP, and PBAP Bluetooth profiles.

This validation procedure is performed on both the management tool and the Samsung Android device.

On the management tool, in the device restrictions section, verify "Bluetooth" is set to the AO-approved selection: "Allow" if the AO has approved the use of Bluetooth or "Disallow" if the AO has not approved its use.

On the Samsung Android device:
1. Open Settings >> Connections >> Bluetooth.
2. Verify all listed paired Bluetooth devices use only authorized Bluetooth profiles.

If on the management tool "Bluetooth" is not set to the AO-approved value, or the Samsung Android device is paired with a device that uses unauthorized Bluetooth profiles, this is a finding.

Fix Text (F-62286r931110_fix)
Configure the Samsung Android devices to disable Bluetooth, or if the AO has approved the use of Bluetooth (for example, for hands-free use), train users to only pair devices that support HSP, HFP, SPP, A2DP, AVRCP, and PBAP profiles. On the management tool, in the device restrictions section, set "Bluetooth" to the AO-approved selection: "Allow" if the AO has approved the use of Bluetooth or "Disallow" if the AO has not approved its use. The user training requirement is satisfied in requirement KNOX-14-110300.

Fix Text (F-62286r931110_fix)

Configure the Samsung Android devices to disable Bluetooth, or if the AO has approved the use of Bluetooth (for example, for hands-free use), train users to only pair devices that support HSP, HFP, SPP, A2DP, AVRCP, and PBAP profiles.

On the management tool, in the device restrictions section, set "Bluetooth" to the AO-approved selection: "Allow" if the AO has approved the use of Bluetooth or "Disallow" if the AO has not approved its use.

The user training requirement is satisfied in requirement KNOX-14-110300.