Check: SRG-MPOL-011
Mobile Policy SRG:
SRG-MPOL-011
(in version v1 r2)
Title
The organization concept of operations (CONOPS) or site security plan must include information that Bluetooth devices use only Class 2 or 3 standard radios. (Cat III impact)
Discussion
A key security control for DoD Bluetooth devices is to limit the broadcast area of the Bluetooth signal to the personal area of the user (approximately 30 feet or less). Class 1 radios broadcast at a higher power and are more vulnerable than Class 2 or 3 radios. The Class 1 radio signal is broadcast much farther; therefore, an adversary can be much farther away and still intercept or monitor the transmission. Class 3 radios have a range of up to 1 meter or 3 feet. Class 2 radios, most commonly found in mobile devices, have a range of 10 meters or 33 feet. Class 1 radios, used primarily in industrial use cases, have a range of 100 meters or 300 feet.
Check Content
Review the CONOPS or site security plan on the use of Bluetooth devices and determine what class of radio is allowed for use. If Class 1 radios are allowed for use in Bluetooth devices, this is a finding.
Fix Text
Update the policy to state that Bluetooth devices must use only Class 2 or 3 standard radios.
Additional Identifiers
Rule ID:
Vulnerability ID: V-35929
Group Title:
CCIs
Number | Definition |
---|---|
CCI-001438 | The organization establishes usage restrictions for wireless access. |
Controls
Number | Title |
---|---|
AC-18 | Wireless Access |