Vulnerability Discussion

If not configured properly, Bluetooth may allow rogue devices to communicate with a system. If a rogue device is paired with a system, there is potential for sensitive information to be compromised.

Check

This is NA if the system does not have Bluetooth.

Verify the Bluetooth radio is turned off unless approved by the organization. If it is not, this is a finding.

Approval must be documented with the ISSO.

Fix

Turn off Bluetooth radios not organizationally approved. Establish an organizational policy for the use of Bluetooth.