Windows Server 2025 must not have Bluetooth enabled unless required by the organization.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-278018 | WN25-00-000333 | SV-278018r1180760_rule | CCI-000382 | medium |
| Description | ||||
| Unnecessary applications and/or services such as Bluetooth could allow an attacker to connect with intentions to take over or disrupt the system. | ||||
| STIG | Date | |||
| Microsoft Windows Server 2025 Security Technical Implementation Guide | 2026-02-20 | |||
Details
Check Text (C-278018r1180760_chk)
In the Windows search bar, type "Services". In the Services "Name" column look for the "Bluetooth Support Service". If this is set to "automatic", this is a finding.
Fix Text (F-82453r1180759_fix)
Validate the site documentation to ensure the approval of use for Wi-Fi server connections. If the connection has not been approved, type "Services" in the Windows search bar. In the Services "Name " column, look for the "Bluetooth Support Service" and set this to "Disabled". Any Bluetooth devices listed or in use must be documented and approved by the information system security officer (ISSO) or authorizing official (AO).