Title

Bluetooth peripherals must conform to the DoD Bluetooth Peripheral Device Security Requirements Specification. (Cat II impact)

Discussion

Sensitive unclassified voice and data communications could be intercepted and exposed if required security controls are not used.

Check Content

Ask the IAO for documentation verifying Bluetooth peripherals (e.g., headsets) used by personnel at the site conform to the DoD Bluetooth Peripheral Device Security Requirements Specification (i.e., verification from NSA, DISA, or a DoD test agency). The specification is found at http://iase.disa.mil/stigs/net_perimeter/wireless/smartphone.html and http://www.nsa.gov/ia/_files/wireless/BlueToothDoc.pdf.

Fix Text

Procure Bluetooth headsets that conform to the DoD Bluetooth Peripheral Device Security Requirements Specification.

Additional Identifiers

Rule ID: SV-20177r1_rule

Vulnerability ID: V-18619

Group Title: Bluetooth peripherals security

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.