The system must keep the communication protocols of mobile devices hidden, protected with credentials, or turned off. This refers to protocols that allow data exchange, such as Bluetooth, NFC and tethering.
This requirement is verified in the following services
- OWASP TOP 10-A5. Security misconfiguration
- OWASP-M TOP 10-M3. Insecure communication threat agents
- NIST Framework-PR_PT-2. Removable media is protected and its use restricted according to policy
- NIST Framework-PR_PT-4. Communications and control networks are protected
- SANS 25-15. Use of Hard-coded Credentials
- CMMC-AC_L2-3_1_18. Mobile device connection
- CMMC-SC_L1-3_13_1. Boundary protection
- HITRUST CSF-09_s. Information exchange policies and procedures
- HITRUST CSF-09_v. Electronic messaging
- OSSTMM3-9_2_2. Wireless security (logistics) - Communications
- PTES-4_5_3. Threat capability analysis - Communication mechanisms
- PTES-5_2_2_2. Vulnerability analysis - Network vulnerability scanners (service based)
- NIST 800-171-1_16. Authorize wireless access prior to allowing such connections
- NIST 800-171-1_18. Control connection of mobile devices
- SIG Lite-SL_142. Is there a mobile device management solution in place?
- SIG Core-M_1_25. End user device security