|Finding ID||Version||Rule ID||IA Controls||Severity|
|Policy and training provide assurance that security requirements will be implemented in practice. Failure to use FIPS 140-2 validated cryptography makes data more vulnerable to security breaches.|
|Bluetooth/Zigbee Security Technical Implementation Guide (STIG)||2014-03-18|
|Check Text ( C-39030r1_chk )|
| NOTE: this check only applies to sites using Bluetooth or Zigbee radios. |
Interview the IAO and verify a written policy or training materials exists stating that Bluetooth (or Zigbee) will be disabled on all applicable devices unless they employ FIPS 140-2 validated cryptographic modules for data-in-transit.
Mark as a finding if policy does not exist or if it does not adequately cover the requirement.
|Fix Text (F-34126r1_fix)|
|The IAO will ensure there is a policy or training materials prohibiting use of Bluetooth data transmission without FIPS 140-2 validated cryptographic modules.|