Check: HONW-09-001400
Honeywell Android 9.x COPE STIG:
HONW-09-001400
(in versions v1 r2 through v1 r1)
Title
The Honeywell Mobility Edge Android Pie device must be configured to disable Bluetooth or configured via User Based Enforcement (UBE) to allow Bluetooth for only HSP (Headset Profile), HFP (HandsFree Profile), or SPP (Serial Port Profile) capable devices. (Cat III impact)
Discussion
Some Bluetooth profiles provide the capability for remote transfer of sensitive DoD data without encryption or otherwise do not meet DoD IT security policies and therefore should be disabled. SFR ID: FMT_SMF_EXT.1.1 #18h
Check Content
Determine if the AO has approved the use of Bluetooth at the site.

If the AO has not approved the use of Bluetooth, verify Bluetooth has been disabled:

On the MDM console:
1. Open Restrictions section.
2. Ensure "Disallow Bluetooth" is set.

On the Honeywell Android Pie device:
1. Go to Settings >> Connected Devices >> Connection Preferences >> Bluetooth.
2. Ensure that it is set to "Off" and cannot be toggled to "On".

If the AO has approved the use of Bluetooth, on the Honeywell Android Pie device:
1. Go to Settings >> Connected Devices.
2. Verify only approved Bluetooth connected devices using approved profiles are listed.

If the AO has not approved the use of Bluetooth, and Bluetooth use is not disabled via an MDM managed device policy, this is a finding.

If the AO has approved the use of Bluetooth, and Bluetooth devices using unauthorized Bluetooth profiles are listed on the device under "Connected devices", this is a finding.
Fix Text
Configure the Honeywell Android device to disable Bluetooth or if the AO has approved the use of Bluetooth (for example, for car handsfree use), train the user to connect to only authorized Bluetooth devices using only HSP, HFP, or SPP Bluetooth capable devices (User Based Enforcement [UBE]).

To disable Bluetooth, use the following procedure:

On the MDM console:
1. Open Restrictions section.
2. Toggle "Disallow Bluetooth" to "On".

The user training requirement is satisfied in requirement HONW-09-008700.
Additional Identifiers
Rule ID: SV-235070r852710_rule
Vulnerability ID: V-235070
Group Title: PP-MDF-301110
CCIs
Number | Definition |
---|---|
CCI-000366 | The organization implements the security configuration settings. |
CCI-001761 | The organization defines the functions, ports, protocols, and services within the information system that are to be disabled when deemed unnecessary and/or nonsecure. |