The administrator/MDM must disable all Bluetooth profiles except for HSP (Headset Profile), HFP (Hands-Free Profile) and SPP (Serial Port Profile).
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-48247 | KNOX-29-015700 | SV-61119r1_rule | Medium |
| Description |
|---|
| Unsecure Bluetooth profiles may allow either unauthenticated connections to mobile devices or transfer of sensitive DoD data without required DoD information assurance (IA) controls. Only the HSP, HFP, and SPP profiles are required to meet current DoD Bluetooth needs and DoD data and voice IA controls. SFR ID: FMT_SMF.1.1 #42 |
| STIG | Date |
|---|---|
| Samsung Android (with Knox 1.x) STIG | 2014-04-22 |
Details
| Check Text ( C-50679r1_chk ) |
|---|
| This validation procedure is performed on both the MDM Administration Console and the Samsung Knox Android device. Check whether the appropriate setting is configured on the MDM Administration Console: 1. Ask the MDM administrator to display the "Bluetooth Profiles" settings in the "Android Restrictions" rule. 2. Verify the only profiles allowed are HSP, HFP and SPP. On the Samsung Knox Android device: 1. Attempt to pair a Bluetooth peripheral that uses profiles other than HSP, HFP, and SPP (e.g., a Bluetooth keyboard). 2. Verify the Bluetooth peripheral does not pair with the Samsung Knox Android device. If the Bluetooth profiles other than HSP, HFP, and SPP are configured to be allowed, or if the device is able to pair with a Bluetooth keyboard, this is a finding. |
| Fix Text (F-51855r1_fix) |
|---|
| Configure the operating system to only allow HSP, HFP, and SPP Bluetooth profiles. On the MDM Administration Console, configure the "Bluetooth Profiles" setting to only allow HSP, HFP, SPP in the "Android Restrictions" rule. |