Title

Bluetooth (and Zigbee) devices must not be used to send, receive, store, or process classified information. (Cat I impact)

Discussion

Classified data could be compromised since Bluetooth (and Zigbee) devices do not meet DoD encryption requirements for classified data.

Check Content

NOTE: The check also applies to Wireless USB (WUSB) devices. This check does not apply to wireless email devices (Blackberry, Windows Mobile, etc.). See the appropriate wireless email device checklist for Bluetooth requirements for these devices. Verify compliance by reviewing the user agreement or security briefing to see if personnel have been properly instructed in the policy that devices with Bluetooth radios cannot be used for or around classified. Mark as a finding if the user agreement or security briefing does not exist or does not adequately cover the requirement.

Fix Text

Ensure the users are trained on need to comply with this requirement and/or site procedures document the policy.

Additional Identifiers

Rule ID: SV-4634r1_rule

Vulnerability ID: V-4634

Group Title: Bluetooth devices are not used for classified

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.