UCF STIG Viewer Logo

Samsung Android must be configured to disable all Bluetooth profiles except HSP (Headset Profile), HFP (HandsFree Profile), SPP (Serial Port Profile), A2DP (Advanced Audio Distribution Profile), AVRCP (Audio/Video Remote Control Profile), and PBAP (Phone Book Access Profile).


Overview

Finding ID Version Rule ID IA Controls Severity
V-93891 KNOX-09-000665 SV-103977r2_rule Low
Description
Some Bluetooth profiles provide the capability for remote transfer of sensitive DoD data without encryption or otherwise do not meet DoD IT security policies and therefore should be disabled. SFR ID: FMT_SMF_EXT.1.1 #18h
STIG Date
Samsung Android OS 9 with Knox 3.x COPE Use Case KPE(Legacy) Deployment Security Technical Implementation Guide 2020-05-15

Details

Check Text ( C-93209r2_chk )
Review device configuration settings to confirm that all Bluetooth profiles are disabled except HSP, HFP, and SPP, A2DP, AVRCP, and PBAP.

This procedure is performed on both the MDM Administration console and the Samsung Android device.

On the MDM console, for the device, in the "Knox Bluetooth" group, verify that only "HFP, HSP, SPP, A2DP, AVRCP, and PBAP" are selected in the "allowed profiles".

On the Samsung Android device, verify that a Bluetooth peripheral that uses a profile other than HSP, HFP, SPP, A2DP, AVRCP, or PBAP (e.g., a Bluetooth keyboard) cannot be paired.

If on the MDM console "allowed profiles" has any selection other than "HSP, HFP, SPP, A2DP, AVRCP, and PBAP", or the Samsung Android device is able to pair with a Bluetooth keyboard, this is a finding.

Note: Disabling the Bluetooth radio will satisfy this requirement.
Fix Text (F-100139r2_fix)
Configure Samsung Android to disable all Bluetooth profiles except HSP, HFP, SPP, A2DP, AVRCP, and PBAP.

On the MDM console, for the device, in the "Knox Bluetooth" group, select "HFP, HSP, SPP, A2DP, AVRCP, and PBAP" in the "allowed profiles".