Title

The system must notify the user when a Bluetooth device attempts to connect. (Cat II impact)

Discussion

If not configured properly, Bluetooth may allow rogue devices to communicate with a system. If a rogue device is paired with a system, there is potential for sensitive information to be compromised.

Check Content

This is NA if the system does not have Bluetooth, or if Bluetooth is turned off per the organizations policy. Search for "Bluetooth". View Bluetooth Settings. Select "More Bluetooth Options" If "Alert me when a new Bluetooth device wants to connect" is not checked, this is a finding.

Fix Text

Configure Bluetooth to notify users if devices attempt to connect. View Bluetooth Settings. Ensure "Alert me when a new Bluetooth device wants to connect" is checked.

Additional Identifiers

Rule ID: SV-253293r991589_rule

Vulnerability ID: V-253293

Group Title: SRG-OS-000480-GPOS-00227

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.