| V-4634 ||High ||Bluetooth (and Zigbee) devices must not be used to send, receive, store, or process classified information. ||Classified data could be compromised since Bluetooth (and Zigbee) devices do not meet DoD encryption requirements for classified data. |
| V-18619 ||Medium ||Bluetooth peripherals must conform to the DoD Bluetooth Peripheral Device Security Requirements Specification.
||Sensitive unclassified voice and data communications could be intercepted and exposed if required security controls are not used. |
| V-3499 ||Medium ||If Bluetooth (or Zigbee) devices transmit unclassified DoD data communications, then they must use FIPS 140-2 validated cryptographic modules for data in transit, including digital voice communications. ||FIPS validation provides assurance that the cryptographic modules are implemented correctly and resistant to compromise. Failure to use FIPS 140-2 validated cryptographic modules makes it more... |
| V-30360 ||Low ||The site must have a written policy or training materials stating Bluetooth must be disabled on all applicable devices unless they employ FIPS 140-2 validated cryptographic modules for data-in-transit. ||Policy and training provide assurance that security requirements will be implemented in practice. Failure to use FIPS 140-2 validated cryptography makes data more vulnerable to security breaches. |