mirror of
https://github.com/usnistgov/macos_security.git
synced 2026-03-17 22:32:09 +00:00
69 lines
1.5 KiB
YAML
69 lines
1.5 KiB
YAML
id: system_settings_bluetooth_disable
|
|
title: Disable Bluetooth When no Approved Device is Connected
|
|
discussion: |
|
|
The macOS system _MUST_ be configured to disable Bluetooth unless there is an approved device connected.
|
|
|
|
[IMPORTANT]
|
|
====
|
|
Information System Security Officers (ISSOs) may make the risk-based decision not to disable Bluetooth, so as to maintain necessary functionality, but they are advised to first fully weigh the potential risks posed to their organization.
|
|
====
|
|
check: |
|
|
/usr/bin/osascript -l JavaScript << EOS
|
|
$.NSUserDefaults.alloc.initWithSuiteName('com.apple.MCXBluetooth')\
|
|
.objectForKey('DisableBluetooth').js
|
|
EOS
|
|
result:
|
|
string: 'true'
|
|
fix: |
|
|
This is implemented by a Configuration Profile.
|
|
references:
|
|
cce:
|
|
- N/A
|
|
cci:
|
|
- CCI-001967
|
|
- CCI-002418
|
|
800-53r5:
|
|
- AC-18
|
|
- SC-8
|
|
- AC-18(3)
|
|
800-53r4:
|
|
- AC-18(3)
|
|
- SC-8
|
|
srg:
|
|
- SRG-OS-000423-GPOS-00187
|
|
- SRG-OS-000481-GPOS-00481
|
|
disa_stig:
|
|
- N/A
|
|
800-171r2:
|
|
- 3.13.8
|
|
cis:
|
|
benchmark:
|
|
- N/A
|
|
controls v8:
|
|
- 4.8
|
|
- 12.6
|
|
- 13.9
|
|
cmmc:
|
|
- AC.L2-3.1.16
|
|
macOS:
|
|
- '15.0'
|
|
tags:
|
|
- 800-53r5_low
|
|
- 800-53r4_moderate
|
|
- 800-53r4_high
|
|
- 800-53r5_moderate
|
|
- 800-53r5_high
|
|
- 800-171
|
|
- cisv8
|
|
- cnssi-1253_moderate
|
|
- cnssi-1253_low
|
|
- cnssi-1253_high
|
|
- cmmc_lvl2
|
|
- stig
|
|
severity: high
|
|
mobileconfig: true
|
|
mobileconfig_info:
|
|
com.apple.ManagedClient.preferences:
|
|
com.apple.MCXBluetooth:
|
|
DisableBluetooth: true
|