The Samsung KNOX for Android platform must be configured to disable all Bluetooth profiles except for HSP (Headset Profile), HFP (Hands-Free Profile), and SPP (Serial Port Profile).
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-69687 | KNOX-39-015700 | SV-84309r1_rule | Medium |
| Description |
|---|
| Some Bluetooth profiles provide the capability for remote transfer of sensitive DoD data without encryption or otherwise do not meet DoD IT security policies and therefore should be disabled. SFR ID: FMT_SMF_EXT.1.1 #20 |
| STIG | Date |
|---|---|
| Samsung Android OS 6 (with KNOX 2.x) Security Technical Implementation Guide | 2016-11-14 |
Details
| Check Text ( C-70129r1_chk ) |
|---|
| This validation procedure is performed on both the MDM Administration Console and the Samsung KNOX for Android device. Check whether the appropriate setting is configured on the MDM Administration Console: 1. Ask the MDM administrator to display the "Bluetooth Profiles" settings in the "Android Restrictions" rule. 2. Verify the only profiles allowed are HSP, HFP, and SPP. On the Samsung KNOX for Android device: 1. Attempt to pair a Bluetooth peripheral that uses profiles other than HSP, HFP, and SPP (e.g., a Bluetooth keyboard). 2. Verify the Bluetooth peripheral does not pair with the Samsung KNOX for Android device. If Bluetooth profiles other than HSP, HFP, and SPP are configured to be allowed, or if the device is able to pair with a Bluetooth keyboard, this is a finding. |
| Fix Text (F-75891r1_fix) |
|---|
| Configure the mobile operating system to disable all Bluetooth profiles except for HSP, HFP, and SPP. On the MDM Administration Console, configure the "Bluetooth Profiles" setting to only allow HSP, HFP, and SPP in the "Android Restrictions" rule. |