Windows 10 Mobile must be configured to disable all Bluetooth profiles except for HSP (Headset Profile), HFP (HandsFree Profile), and SPP (Serial Port Profile).

From Microsoft Windows 10 Mobile Security Technical Implementation Guide

Part of PP-MDF-201027

Associated with: CCI-000366

SV-84741r1_rule Windows 10 Mobile must be configured to disable all Bluetooth profiles except for HSP (Headset Profile), HFP (HandsFree Profile), and SPP (Serial Port Profile).

Vulnerability discussion

Some Bluetooth profiles provide the capability for remote transfer of sensitive DoD data without encryption or otherwise do not meet DoD IT security policies and therefore should be disabled.

SFR ID: FMT_SMF_EXT.1.1 #20f

Check content

Review Windows 10 Mobile configuration settings to disable all Bluetooth profiles except for HSP (Headset Profile), HFP (HandsFree Profile), and SPP (Serial Port Profile).

This validation procedure is performed only on the MDM administration console.

On the MDM administration console:
1. Ask the MDM administrator to verify the Bluetooth compliance policy.
2. Find the setting for restricting "Bluetooth Services Allowed" profiles.
3. Verify that HSP, HFP and SPP are the only Bluetooth profiles allowed in the Bluetooth policy.

If the MDM console does not expose any UI controls for Bluetooth profiles, a custom configuration value can be used as shown here:

"{0000111E-0000-1000-8000-00805F9B34FB};{00001108-0000-1000-8000-00805F9B34FB};{00001101-0000-1000-8000-00805F9B34FB}"

If the MDM does not have a compliance policy that restricts Bluetooth profiles to just those allowed, this is a finding.
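The custom configuration value in the check text can be audited mechanically once it is exported from the MDM policy. The following Python is an added example, not part of the STIG or of any MDM product; the function name audit_services_allowed, the treatment of an empty value as a finding, and the NONCOMPLIANT sample are assumptions made for illustration.

```python
import re
import uuid

# Profile UUIDs copied from the custom configuration value in the check text.
# The profile name for each UUID follows the Bluetooth SIG assigned numbers.
ALLOWED = {
    uuid.UUID("0000111E-0000-1000-8000-00805F9B34FB"): "HFP (HandsFree Profile)",
    uuid.UUID("00001108-0000-1000-8000-00805F9B34FB"): "HSP (Headset Profile)",
    uuid.UUID("00001101-0000-1000-8000-00805F9B34FB"): "SPP (Serial Port Profile)",
}
_ENTRY = re.compile(r"^\{([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}$")

# COMPLIANT is the value from the check text. NONCOMPLIANT is constructed for
# this example: it appends 0x1105 (OBEX Object Push), a file-transfer profile.
COMPLIANT = ("{0000111E-0000-1000-8000-00805F9B34FB};"
             "{00001108-0000-1000-8000-00805F9B34FB};"
             "{00001101-0000-1000-8000-00805F9B34FB}")
NONCOMPLIANT = COMPLIANT + ";{00001105-0000-1000-8000-00805F9B34FB}"


def audit_services_allowed(value):
    """Audit a semicolon-delimited list of {GUID} entries against this rule.

    Returns the allowed, disallowed and malformed entries, the permitted
    profiles that are absent (informational only), and a boolean 'finding'.
    Assumption: an empty value means no restriction is set, so it is a finding.
    """
    allowed, disallowed, malformed = [], [], []
    for raw in value.strip().strip('"').split(";"):
        entry = raw.strip()
        if not entry:
            continue  # tolerate a trailing or doubled separator
        m = _ENTRY.match(entry)
        if not m:
            malformed.append(entry)
            continue
        u = uuid.UUID(m.group(1))  # UUID objects compare case-insensitively
        (allowed if u in ALLOWED else disallowed).append(str(u).upper())
    missing = [name for u, name in ALLOWED.items() if str(u).upper() not in allowed]
    finding = bool(disallowed or malformed or not allowed)
    return {"allowed": allowed, "disallowed": disallowed,
            "malformed": malformed, "missing": missing, "finding": finding}


if __name__ == "__main__":
    for label, sample in (("compliant", COMPLIANT), ("noncompliant", NONCOMPLIANT)):
        print(label, audit_services_allowed(sample))
```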

Fix text

Configure the MDM system to enforce a policy which configures the "Bluetooth Services Allowed" policy to restrict Bluetooth profiles to just HSP (Headset Profile), HFP (HandsFree Profile), and SPP (Serial Port Profile). Deploy the MDM policy to managed devices.
