STIGQter STIGQter: STIG Summary: Motorola Android 9.x COPE Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 14 Oct 2020:

The Motorola Android Pie must be configured to disable Bluetooth or configured via User Based Enforcement (UBE) to allow Bluetooth for only HSP (Headset Profile), HFP (HandsFree Profile), or SPP (Serial Port Profile) capable devices.

DISA Rule

SV-230085r569708_rule

Vulnerability Number

V-230085

Group Title

GOOG-09-001400

Rule Version

MOTO-09-001400

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Configure the Motorola Android device to disable Bluetooth or, if the AO has approved the use of Bluetooth (for example, for car hands-free use), train the user to connect to only authorized Bluetooth devices using only HSP, HFP, or SPP Bluetooth capable devices (User Based Enforcement (UBE).

To disable Bluetooth, use the following procedure.

On the MDM console:
1. Open Restrictions section.
2. Toggle "Disallow Bluetooth" to "On".

The user training requirement is satisfied in requirement MOTO-09-008700.

Check Contents

Determine if the AO has approved the use of Bluetooth at the site.

If the AO has not approved the use of Bluetooth, verify Bluetooth has been disabled.

On the MDM console:
1. Open Restrictions section.
2. Verify "Disallow Bluetooth" is set.

On the Android Pie device:
1. Go to Settings >> Connected Devices >> Connection Preferences >> Bluetooth.
2. Verify this is set to "Off" and cannot be toggled to "On".

If the AO has approved the use of Bluetooth, on the Android Pie device:
1. Go to Settings >> Connected Devices.
2. Verify only approved Bluetooth-connected devices using approved profiles are listed.

If the AO has not approved the use of Bluetooth, and Bluetooth use is not disabled via an MDM managed device policy, this is a finding.

If the AO has approved the use of Bluetooth, and Bluetooth devices using unauthorized Bluetooth profiles are listed on the device under "Connected devices", this is a finding.

Vulnerability Number

V-230085

Documentable

False

Rule Version

MOTO-09-001400

Severity Override Guidance

Determine if the AO has approved the use of Bluetooth at the site.

If the AO has not approved the use of Bluetooth, verify Bluetooth has been disabled.

On the MDM console:
1. Open Restrictions section.
2. Verify "Disallow Bluetooth" is set.

On the Android Pie device:
1. Go to Settings >> Connected Devices >> Connection Preferences >> Bluetooth.
2. Verify this is set to "Off" and cannot be toggled to "On".

If the AO has approved the use of Bluetooth, on the Android Pie device:
1. Go to Settings >> Connected Devices.
2. Verify only approved Bluetooth-connected devices using approved profiles are listed.

If the AO has not approved the use of Bluetooth, and Bluetooth use is not disabled via an MDM managed device policy, this is a finding.

If the AO has approved the use of Bluetooth, and Bluetooth devices using unauthorized Bluetooth profiles are listed on the device under "Connected devices", this is a finding.

Check Content Reference

M

Target Key

4230

Comments