Details
The macOS system _MUST_ be configured to disable Bluetooth unless there is an approved device connected.
[IMPORTANT]
====
Information System Security Officers (ISSOs) may make the risk-based decision not to disable Bluetooth, so as to maintain necessary functionality, but they are advised to first fully weigh the potential risks posed to their organization.
====
Solution
This is implemented by a Configuration Profile.
mobileconfig profile info:
com.apple.ManagedClient.preferences:
com.apple.MCXBluetooth:
DisableBluetooth
True
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Access Control, System and Communications Protection.This control applies to the following type of system Unix.
References
- 800-53|AC-18
- 800-53|AC-18(3)
- 800-53|SC-8
- CCE|CCE-91048-9, CCI|CCI-002418