The iOS device user must not allow applications to share data between iOS devices via Bluetooth.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-34174 | WIR-MOS-iOS-70-03 | SV-44627r1_rule | ECWN-1 | Medium |
| Description |
|---|
| The iOS device Bluetooth sharing feature allows applications to share data saved on the iOS device with other iOS devices via Bluetooth connections between the devices. This feature allows the wireless transmission of sensitive DoD data without using FIPS 140-2 validated encryption as required by DoD policy and could expose sensitive DoD data to unauthorized individuals. |
| STIG | Date |
|---|---|
| Apple iOS6 Security Technical Implementation Guide | 2014-10-07 |
Details
| Check Text ( C-42135r2_chk ) |
|---|
| This is a User-Based Enforcement (UBE) control. On a sample of site-managed iOS devices (pick 3-4 random devices), check that no applications have been enabled for Bluetooth sharing. -Have the user log into the device. -Go to Settings > Privacy > Bluetooth Sharing. -Verify there are no applications listed. Mark as a finding if any applications are listed on the Bluetooth sharing screen. |
| Fix Text (F-38084r1_fix) |
|---|
| Delete all applications listed on the Bluetooth sharing screen or disable sharing of these applications. |