Configure Bluetooth settings according to organizational standards.
CONTROL ID 12422
CONTROL TYPE Configuration
CLASSIFICATION Preventive
SUPPORTING AND SUPPORTED CONTROLS
This Control directly supports the implied Control(s):
Establish, implement, and maintain system hardening procedures., CC ID: 12001
This Control has the following implementation support Control(s):
Unpair Bluetooth devices when the pairing is no longer required., CC ID: 15232
Use authorized versions of Bluetooth to pair Bluetooth devices., CC ID: 15231
Refrain from using unit keys on Bluetooth devices., CC ID: 12541
Configure link keys to be based on combination keys in Bluetooth devices., CC ID: 12539
Refrain from using the "Just Works" model of Secure Simple Pairing in Bluetooth settings., CC ID: 12538
Disable all Bluetooth profiles other than the Serial Port Profile., CC ID: 12536
Lock Bluetooth profiles to prevent them being altered by end users., CC ID: 12535
Configure Bluetooth to refrain from allowing multiple profiles of Bluetooth stacks., CC ID: 12433
SELECTED AUTHORITY DOCUMENTS COMPLIED WITH
Mobile devices are configured to remain undiscoverable to other Bluetooth devices except during Bluetooth pairing. (Security Control: 1196; Revision: 1, Australian Government Information Security Manual, March 2021)
Bluetooth pairing is performed in a manner such that connections are only made between intended Bluetooth devices. (Security Control: 1198; Revision: 1, Australian Government Information Security Manual, March 2021)
The range of Bluetooth communications between mobile devices and other Bluetooth devices is restricted to less than 10 metres by using class 2 or class 3 Bluetooth devices. (Security Control: 1202; Revision: 1, Australian Government Information Security Manual, March 2021)
OFFICIAL and PROTECTED mobile devices are configured to remain undiscoverable to other Bluetooth devices except during Bluetooth pairing. (Control: ISM-1196; Revision: 2, Australian Government Information Security Manual, June 2023)
Bluetooth pairing for OFFICIAL and PROTECTED mobile devices is performed in a manner such that connections are only made between intended Bluetooth devices. (Control: ISM-1198; Revision: 2, Australian Government Information Security Manual, June 2023)
Bluetooth pairing for OFFICIAL and PROTECTED mobile devices is performed using Secure Connections, preferably with Numeric Comparison if supported. (Control: ISM-1200; Revision: 5, Australian Government Information Security Manual, June 2023)
Bluetooth functionality is not enabled on SECRET and TOP SECRET mobile devices. (Control: ISM-0682; Revision: 5, Australian Government Information Security Manual, June 2023)
Bluetooth functionality is not enabled on SECRET and TOP SECRET mobile devices. (Control: ISM-0682; Revision: 5, Australian Government Information Security Manual, September 2023)
OFFICIAL: Sensitive and PROTECTED mobile devices are configured to remain undiscoverable to other Bluetooth devices except during Bluetooth pairing. (Control: ISM-1196; Revision: 3, Australian Government Information Security Manual, September 2023)
Bluetooth pairing for OFFICIAL: Sensitive and PROTECTED mobile devices is performed in a manner such that connections are only made between intended Bluetooth devices. (Control: ISM-1198; Revision: 3, Australian Government Information Security Manual, September 2023)
Bluetooth pairing for OFFICIAL: Sensitive and PROTECTED mobile devices is performed using Secure Connections, preferably with Numeric Comparison if supported. (Control: ISM-1200; Revision: 6, Australian Government Information Security Manual, September 2023)
Bluetooth devices should be configured by default as, and remain, undiscoverable except as needed for pairing. (4.2.3 G, Information Supplement: PCI DSS Wireless Guidelines, Version 2.0)
Bluetooth technology and associated devices are susceptible to general wireless networking threats (e.g. denial of service [DoS] attacks, eavesdropping, man-in-the-middle [MITM] attacks, message modification, and resource misappropriation) as well as specific Bluetooth-related attacks that target kn… (§ 5.13.1.3 ¶ 2, Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.8, Version 5.8)