UCF STIG Viewer Logo

Bluetooth (and Zigbee) devices must not be used to send, receive, store, or process classified information.


Finding ID Version Rule ID IA Controls Severity
V-4634 WIR0410 SV-4634r1_rule ECWN-1 High
Classified data could be compromised since Bluetooth (and Zigbee) devices do not meet DoD encryption requirements for classified data.
Bluetooth/Zigbee Security Technical Implementation Guide (STIG) 2014-03-18


Check Text ( C-11516r1_chk )
NOTE: The check also applies to Wireless USB (WUSB) devices. This check does not apply to wireless email devices (Blackberry, Windows Mobile, etc.). See the appropriate wireless email device checklist for Bluetooth requirements for these devices.

Verify compliance by reviewing the user agreement or security briefing to see if personnel have been properly instructed in the policy that devices with Bluetooth radios cannot be used for or around classified. Mark as a finding if the user agreement or security briefing does not exist or does not adequately cover the requirement.
Fix Text (F-34124r1_fix)
Ensure the users are trained on need to comply with this requirement and/or site procedures document the policy.