The mobile device Bluetooth radio must be disabled if not authorized for use.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-25019	WIR-MOS-iOS-040-01	SV-34930r2_rule	ECWN-1	Medium

Description
The Bluetooth radio can be used by a hacker to connect to the iOS device without the knowledge of the user. Sensitive DoD data could be exposed and the hacker could use the device to attack the enclave.

STIG	Date
Apple iOS 6 Interim Security Configuration Guide (ISCG)	2013-01-17

Details

Check Text ( C-31220r3_chk )
The Bluetooth radio should be turned off by the user (User Based Enforcement (UBE)) if not being used to connect the approved Bluetooth smart card reader or handsfree headset to the mobile device. On a sample of site-managed iOS devices (pick 3-4 random devices), verify the Bluetooth radio is turned off if the Bluetooth smart card reader is not being used by the user. -Have the user log into the device. -Go to Settings > Bluetooth. -Verify the Bluetooth radio is off. Mark as a finding if configuration is not set as required.

Check Text ( C-31220r3_chk )

The Bluetooth radio should be turned off by the user (User Based Enforcement (UBE)) if not being used to connect the approved Bluetooth smart card reader or handsfree headset to the mobile device.

On a sample of site-managed iOS devices (pick 3-4 random devices), verify the Bluetooth radio is turned off if the Bluetooth smart card reader is not being used by the user.

-Have the user log into the device.
-Go to Settings > Bluetooth.
-Verify the Bluetooth radio is off.

Mark as a finding if configuration is not set as required.

Fix Text (F-27690r2_fix)
Configure the mobile device Bluetooth radio to be turned off if the Bluetooth smart card reader is not being used by the user.