V-276536

CAT III (Low)

Samsung Android must be configured to disable all Bluetooth profiles except for Headset Profile (HSP), Hands-Free Profile (HFP), Serial Port Profile (SPP), Advanced Audio Distribution Profile (A2DP), Audio/Video Remote Control Profile (AVRCP), and Phone Book Access Profile (PBAP).

Rule ID

SV-276536r1139783_rule

STIG

Samsung Android 16 COBO Security Technical Implementation Guide

Version

V1R3

CCIs

CCI-000381, CCI-001761

Discussion

Some Bluetooth profiles provide the capability for remote transfer of sensitive DOD data without encryption or otherwise do not meet DOD IT security policies and therefore must be disabled.

SFR ID: FMT_SMF_EXT.1.1/BLUETOOTH BT-8

Check Content

Review the Samsung documentation and inspect the configuration to verify the Samsung Android devices are paired only with devices that support HSP, HFP, SPP, A2DP, AVRCP, and PBAP Bluetooth profiles.

This validation procedure is performed on both the management tool and the Samsung Android device.

On the management tool, in the device restrictions section, verify "Bluetooth" is set to the AO-approved selection: "Allow" if the AO has approved the use of Bluetooth or "Disallow" if the AO has not approved its use.

On the Samsung Android device:
1. Open Settings >> Connections >> Bluetooth.
2. Verify all listed paired Bluetooth devices use only authorized Bluetooth profiles.

If on the management tool "Bluetooth" is not set to the AO-approved value, or the Samsung Android device is paired with a device that uses unauthorized Bluetooth profiles, this is a finding.
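The device-side check above can be supported by comparing each paired device's advertised service UUIDs against the six permitted profiles. The following is an added example, not part of the STIG or Samsung documentation: it assumes the UUID list per paired device has already been exported by some means, uses the Bluetooth SIG assigned service class IDs for the named profiles, and runs on a constructed sample inventory. The function names are hypothetical.

```python
import uuid

# Bluetooth SIG base UUID; a 16-bit service class ID sits in bits 96-111.
BASE = uuid.UUID("00000000-0000-1000-8000-00805f9b34fb").int

# SIG-assigned service class IDs for the six profiles this rule permits.
ALLOWED = {
    0x1101: "SPP",
    0x1108: "HSP", 0x1112: "HSP", 0x1131: "HSP",
    0x111E: "HFP", 0x111F: "HFP",
    0x110A: "A2DP", 0x110B: "A2DP", 0x110D: "A2DP",
    0x110C: "AVRCP", 0x110E: "AVRCP", 0x110F: "AVRCP",
    0x112E: "PBAP", 0x112F: "PBAP", 0x1130: "PBAP",
}

def short_id(value):
    """Return the 16-bit SIG ID for a base-derived UUID string, else None."""
    try:
        offset = uuid.UUID(value).int - BASE
    except ValueError:  # malformed entry: treat as unrecognised
        return None
    if offset >= 0 and offset % (1 << 96) == 0 and offset >> 96 <= 0xFFFF:
        return offset >> 96
    return None

def audit(inventory):
    """Map each device name to its UUIDs that are outside ALLOWED."""
    flagged = {}
    for device, uuids in inventory.items():
        # Vendor-specific and malformed UUIDs have no short ID and are
        # flagged for manual review rather than assumed to be permitted.
        bad = sorted(u.lower() for u in uuids if short_id(u) not in ALLOWED)
        if bad:
            flagged[device] = bad
    return flagged

# Constructed sample inventory (device name -> advertised service UUIDs).
SAMPLE = {
    "Car Kit": ["0000111E-0000-1000-8000-00805F9B34FB",   # HFP
                "0000110B-0000-1000-8000-00805F9B34FB",   # A2DP sink
                "0000112E-0000-1000-8000-00805F9B34FB"],  # PBAP client
    "Laptop": ["00001101-0000-1000-8000-00805F9B34FB",    # SPP
               "00001105-0000-1000-8000-00805F9B34FB"],   # OBEX Object Push
    "Tracker": ["12345678-1234-5678-1234-56789abcdef0"],  # vendor-specific
}

if __name__ == "__main__":
    for device, bad in audit(SAMPLE).items():
        print(f"REVIEW {device}: {', '.join(bad)}")
```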

Fix Text

Configure the Samsung Android devices to disable Bluetooth, or if the AO has approved the use of Bluetooth (for example, for hands-free use), train users to only pair devices that support HSP, HFP, SPP, A2DP, AVRCP, and PBAP profiles.

On the management tool, in the device restrictions section, set "Bluetooth" to the AO-approved selection: "Allow" if the AO has approved the use of Bluetooth or "Disallow" if the AO has not approved its use.

The user training requirement is satisfied in requirement KNOX-16-009400.

If a COBO deployment requires the use of specific Bluetooth profiles, Knox Platform for Enterprise (KPE) can be used to allow them in a STIG-approved configuration. In this case, do not configure this policy; instead, replace it with the KPE policy (applied natively by the management tool or via Knox Service Plugin [KSP]) "Add Bluetooth UUIDs To White List" with values "HSP_UUID, HFP_UUID, SPP_UUID, A2DP_ADVAUDIODIST_UUID, AVRCP_CONTROLLER_UUID, AVRCP_TARGET_UUID" and default blacklist as "enable".

API: addUserRestriction, DISALLOW_BLUETOOTH