Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-93891 | KNOX-09-000665 | SV-103977r1_rule | Low |
Description |
---|
Some Bluetooth profiles provide the capability for remote transfer of sensitive DoD data without encryption or otherwise do not meet DoD IT security policies and therefore should be disabled. SFR ID: FMT_SMF_EXT.1.1 #18h |
STIG | Date |
---|---|
Samsung Android OS 9 with Knox 3.x COPE Use Case KPE(Legacy) Deployment Security Technical Implementation Guide | 2019-10-01 |
Check Text ( C-93209r1_chk ) |
---|
Review device configuration settings to confirm that all Bluetooth profiles are disabled except HSP, HFP, and SPP. This procedure is performed on both the MDM Administration console and the Samsung Android device. On the MDM console, for the device, in the "Knox Bluetooth" group, verify that only "HFP, HSP, and SPP" are selected in the "allowed profiles". On the Samsung Android device, verify that a Bluetooth peripheral that uses a profile other than HSP, HFP, or SPP (e.g., a Bluetooth keyboard) cannot be paired. If on the MDM console "allowed profiles" has any selection other than "HSP, HFP, and SPP", or the Samsung Android device is able to pair with a Bluetooth keyboard, this is a finding. Note: Disabling the Bluetooth radio will satisfy this requirement. |
Fix Text (F-100139r1_fix) |
---|
Configure Samsung Android to disable all Bluetooth profiles except HSP, HFP, and SPP. On the MDM console, for the device, in the "Knox Bluetooth" group, select "HFP, HSP, and SPP" in the "allowed profiles". |