Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-93891 | KNOX-09-000665 | SV-103977r2_rule | Low |
Description |
---|
Some Bluetooth profiles provide the capability for remote transfer of sensitive DoD data without encryption or otherwise do not meet DoD IT security policies and therefore should be disabled. SFR ID: FMT_SMF_EXT.1.1 #18h |
STIG | Date |
---|---|
Samsung Android OS 9 with Knox 3.x COPE Use Case KPE(Legacy) Deployment Security Technical Implementation Guide | 2020-05-15 |
Check Text ( C-93209r2_chk ) |
---|
Review device configuration settings to confirm that all Bluetooth profiles are disabled except HSP, HFP, and SPP, A2DP, AVRCP, and PBAP. This procedure is performed on both the MDM Administration console and the Samsung Android device. On the MDM console, for the device, in the "Knox Bluetooth" group, verify that only "HFP, HSP, SPP, A2DP, AVRCP, and PBAP" are selected in the "allowed profiles". On the Samsung Android device, verify that a Bluetooth peripheral that uses a profile other than HSP, HFP, SPP, A2DP, AVRCP, or PBAP (e.g., a Bluetooth keyboard) cannot be paired. If on the MDM console "allowed profiles" has any selection other than "HSP, HFP, SPP, A2DP, AVRCP, and PBAP", or the Samsung Android device is able to pair with a Bluetooth keyboard, this is a finding. Note: Disabling the Bluetooth radio will satisfy this requirement. |
Fix Text (F-100139r2_fix) |
---|
Configure Samsung Android to disable all Bluetooth profiles except HSP, HFP, SPP, A2DP, AVRCP, and PBAP. On the MDM console, for the device, in the "Knox Bluetooth" group, select "HFP, HSP, SPP, A2DP, AVRCP, and PBAP" in the "allowed profiles". |