Big Sur - Disable Bluetooth When no Approved Device is Connected

Information

The macOS system _MUST_ be configured to disable Bluetooth unless there is an approved device connected.

[IMPORTANT]
====
Information System Security Officers (ISSOs) may make the risk-based decision not to disable Bluetooth, so as to maintain necessary functionality, but they are advised to first fully weigh the potential risks posed to their organization.
====

Solution

This is implemented by a Configuration Profile.

mobileconfig profile info:

com.apple.ManagedClient.preferences:
com.apple.MCXBluetooth:
DisableBluetooth
True

See Also

https://github.com/usnistgov/macos_security

Item Details

Category: ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|AC-18, 800-53|AC-18(3), 800-53|SC-8, CCE|CCE-85420-8, CCI|CCI-002418, STIG-ID|APPL-11-002062

Plugin: Unix

Control ID: fcbbb13eff5bb6169ae5efce2af93b7c5cc85a9bec6ec3d90484d94637c8be73