Title

BlackBerry Bluetooth SCR use with site PCs must be compliant with requirements. (Cat II impact)

Discussion

Non-secure Bluetooth configuration on the PC could make it vulnerable to compromise via a Bluetooth attack.

Check Content

Detailed Policy Requirements: When the BlackBerry Bluetooth Smart Card Reader (SCR) is used as a PC SCR, the following requirements must be followed: At the time of the publication of this document, the use of the BlackBerry SCR for authentication with PCs is only authorized with PCs that have Microsoft Windows XP. The Microsoft Vista and Windows 7 Bluetooth stack has not yet been tested with the BlackBerry SCR to determine if Bluetooth device pairing can be done in a secure manner and meets DoD security requirements. Check Procedures: Perform the following checks on site PCs used with the BlackBerry Bluetooth SCR: Interview the ISSO and SA and verify the BlackBerry SCR is not used with Windows Vista and Windows 7. BlackBerry users with Vista or Windows 7 on their PCs must be put in the BlackBerry users group not authorized to use the BlackBerry SCR with their PCs.

Fix Text

BlackBerry Bluetooth SCR use with site PCs must be compliant with requirements.

Additional Identifiers

Rule ID: SV-21228r3_rule

Vulnerability ID: V-19311

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.