UCF STIG Viewer Logo

Samsung Android must be configured to disable all Bluetooth profiles except HSP (Headset Profile), HFP (HandsFree Profile), and SPP (Serial Port Profile).


Overview

Finding ID Version Rule ID IA Controls Severity
V-93891 KNOX-09-000665 SV-103977r1_rule Low
Description
Some Bluetooth profiles provide the capability for remote transfer of sensitive DoD data without encryption or otherwise do not meet DoD IT security policies and therefore should be disabled. SFR ID: FMT_SMF_EXT.1.1 #18h
STIG Date
Samsung Android OS 9 with Knox 3.x COPE Use Case KPE(Legacy) Deployment Security Technical Implementation Guide 2019-10-01

Details

Check Text ( C-93209r1_chk )
Review device configuration settings to confirm that all Bluetooth profiles are disabled except HSP, HFP, and SPP.

This procedure is performed on both the MDM Administration console and the Samsung Android device.

On the MDM console, for the device, in the "Knox Bluetooth" group, verify that only "HFP, HSP, and SPP" are selected in the "allowed profiles".

On the Samsung Android device, verify that a Bluetooth peripheral that uses a profile other than HSP, HFP, or SPP (e.g., a Bluetooth keyboard) cannot be paired.

If on the MDM console "allowed profiles" has any selection other than "HSP, HFP, and SPP", or the Samsung Android device is able to pair with a Bluetooth keyboard, this is a finding.

Note: Disabling the Bluetooth radio will satisfy this requirement.
Fix Text (F-100139r1_fix)
Configure Samsung Android to disable all Bluetooth profiles except HSP, HFP, and SPP.

On the MDM console, for the device, in the "Knox Bluetooth" group, select "HFP, HSP, and SPP" in the "allowed profiles".