The organization concept of operations (CONOPS) or site security plan must include information that Bluetooth devices use only Class 2 or 3 standard radios.

From Mobile Policy Security Requirements Guide

Associated with: CCI-001438

SV-47245r1_rule The organization concept of operations (CONOPS) or site security plan must include information that Bluetooth devices use only Class 2 or 3 standard radios.

Vulnerability discussion

A key security control for DoD Bluetooth devices is to limit the broadcast area of the Bluetooth signal to the personal area of the user (approximately 30 feet or less). Class 1 radios broadcast at a higher power and are more vulnerable than Class 2 or 3 radios. The Class 1 radio signal is broadcast much farther; therefore, an adversary can be much farther away to intercept or monitor the transmission. Class 3 radios – have a range of up to 1 meter or 3 feet.Class 2 radios – most commonly found in mobile devices – have a range of 10 meters or 33 feet.Class 1 radios – used primarily in industrial use cases – have a range of 100 meters or 300 feet.

Check content

Review the CONOPS or site security plan on the use of Bluetooth devices and determine what class of radio is allowed for use. If Class 1 radios are allowed for use in Bluetooth devices, this is a finding.

Fix text

Update policy to include Bluetooth devices must use only Class 2 or 3 standard radios.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.