The organization must have a policy forbidding the use of wireless personal area network (PAN) devices, such as near-field communications (NFC), Bluetooth, and ZigBee, to send, receive, store, or process classified information.

From Mobile Policy Security Requirements Guide

Associated with: CCI-001331

SV-47274r1_rule The organization must have a policy forbidding the use of wireless personal area network (PAN) devices, such as near-field communications (NFC), Bluetooth, and ZigBee, to send, receive, store, or process classified information.

Vulnerability discussion

Classified data could be compromised since wireless PAN devices do not meet DoD encryption requirements for classified data.

Check content

Verify compliance by reviewing the user agreement or security briefing to ensure personnel have been properly instructed on the policy that states that wireless PAN devices cannot be used for, or around classified processing. If the user agreement or security briefing does not exist, this is a finding. Note: The check applies to Wireless USB (WUSB) devices; however, it does not apply to wireless email devices (BlackBerry, Windows Mobile, etc.). Review the appropriate wireless email device security requirements for Bluetooth on these devices.

Fix text

Develop and publish a policy forbidding the use of wireless PAN devices for classified processing.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.