Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-242541 | ZEBR-10-001400 | SV-242541r714468_rule | Low |
Description |
---|
Some Bluetooth profiles provide the capability for remote transfer of sensitive DoD data without encryption or otherwise do not meet DoD IT security policies and therefore should be disabled. SFR ID: FMT_SMF_EXT.1.1 #18h |
STIG | Date |
---|---|
Zebra Android 10 COPE Security Technical Implementation Guide | 2021-05-27 |
Check Text ( C-45816r714466_chk ) |
---|
Determine if the AO has approved the use of Bluetooth at the site. If the AO has not approved the use of Bluetooth, verify Bluetooth has been disabled by doing the following: On the MDM console: 1. Open Restrictions section. 2. Verify "Disallow Bluetooth" is set. On the Zebra Android 10 device: 1. Go to Settings >> Connected Devices >> Connection Preferences >> Bluetooth. 2. Verify that it is set to Off and cannot be toggled to On. If the AO has approved the use of Bluetooth, on the Zebra Android 10 device do the following: 1. Go to Settings >> Connected Devices. 2. Verify only approved Bluetooth connected devices using approved profiles are listed. If the AO has not approved the use of Bluetooth, and Bluetooth use is not disabled via an MDM managed device policy, this is a finding. If the AO has approved the use of Bluetooth, and Bluetooth devices using unauthorized Bluetooth profiles are listed on the device under "Connected devices", this is a finding. |
Fix Text (F-45773r714467_fix) |
---|
Configure the Zebra Android 10 device to disable Bluetooth or, if the AO has approved the use of Bluetooth (for example, for automobile hands-free use), train the user to connect to only authorized Bluetooth devices using only HSP, HFP, or SPP Bluetooth-capable devices (UBE). To disable Bluetooth, use the following procedure. On the MDM console: 1. Open Restrictions section. 2. Toggle "Disallow Bluetooth" to On. The user training requirement is satisfied in requirement ZEBR-10-008700. |