Bluetooth pairing for OFFICIAL: Sensitive and PROTECTED mobile devices is performed using Secure Connections, preferably with Numeric Comparison if supported.
Topic
Using Bluetooth functionality
Applicable to
Official, Protected
History
Priority
must
Sep 2023
Bluetooth pairing for OFFICIAL: Sensitive and PROTECTED mobile devices is performed using Secure Connections, preferably with Numeric Comparison if supported.
References to ‘OFFICIAL systems’, ‘OFFICIAL mobile devices’, ‘OFFICIAL cables’ and ‘OFFICIAL wall outlet boxes’ were replaced with OFFICIAL: Sensitive terminology (e.g. OFFICIAL: Sensitive mobile devices) to correctly reflect the highest sensitivity of data such systems, devices and infrastructure can process, store and communicate (i.e. up to Business Impact Level 2).
Jun 2022
Bluetooth pairing for OFFICIAL and PROTECTED mobile devices is performed using Secure Connections, preferably with Numeric Comparison if supported.
Miscellaneous changes were made to rationale and recommendations throughout the publication to clarify content. This included the adoption of ‘control’ terminology, in preference to ‘security control’ terminology, to allow for the capture of other types of controls in the future, such as privacy controls, in addition to security controls.
In addition, formatting changes were made to the system security plan annex template and the cloud controls matrix template in order to increase their alignment, such as the inclusion of an ‘implementation status’ column within the system security plan annex template. Furthermore, a new ‘responsible entity’ column was added to both templates in order to capture information on the responsible system (in the case of inherited controls) or responsible vendor (in the case of multi-vendor systems) that are responsible for the implementation of controls. Note, this column can also be used to capture information on teams or individuals that are responsible for the implementation of controls if desired.
Dec 2021
Bluetooth pairing is performed using Secure Connections, preferably with Numeric Comparison if supported.
The recommendation to use at least Bluetooth version 2.1 devices has been amended to using devices that support Secure Connections functionality. This requires either Bluetooth version 4.1 devices (for Bluetooth Classic) or Bluetooth version 4.2 devices (for Bluetooth Low Energy). In addition, the recommendation against using class 1 Bluetooth devices has been removed due to providing only limited protection against Bluetooth attacks.
2015
If using Bluetooth on a mobile device, agencies must ensure both pairing devices useBluetooth version 2.1 or later.