Bluetooth (and Zigbee) devices must not be used to send, receive, store, or process classified information.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-4634	WIR0410	SV-4634r1_rule	ECWN-1	High

Description
Classified data could be compromised since Bluetooth (and Zigbee) devices do not meet DoD encryption requirements for classified data.

STIG	Date
Bluetooth/Zigbee Security Technical Implementation Guide (STIG)	2013-03-14

Details

Check Text ( C-11516r1_chk )
NOTE: The check also applies to Wireless USB (WUSB) devices. This check does not apply to wireless email devices (Blackberry, Windows Mobile, etc.). See the appropriate wireless email device checklist for Bluetooth requirements for these devices. Verify compliance by reviewing the user agreement or security briefing to see if personnel have been properly instructed in the policy that devices with Bluetooth radios cannot be used for or around classified. Mark as a finding if the user agreement or security briefing does not exist or does not adequately cover the requirement.

Check Text ( C-11516r1_chk )

NOTE: The check also applies to Wireless USB (WUSB) devices. This check does not apply to wireless email devices (Blackberry, Windows Mobile, etc.). See the appropriate wireless email device checklist for Bluetooth requirements for these devices.

Verify compliance by reviewing the user agreement or security briefing to see if personnel have been properly instructed in the policy that devices with Bluetooth radios cannot be used for or around classified. Mark as a finding if the user agreement or security briefing does not exist or does not adequately cover the requirement.

Fix Text (F-34124r1_fix)
Ensure the users are trained on need to comply with this requirement and/or site procedures document the policy.