NixOS must protect wireless access to the system using authentication of users and/or devices.

Severity	Group ID	Group Title	Version	Rule ID	Date	STIG Version
medium	V-268147	SRG-OS-000300-GPOS-00118	ANIX-00-001260	SV-268147r1131095_rule	2025-08-19	1

Description
Allowing devices and users to connect to the system without first authenticating them allows untrusted access and can lead to a compromise or attack. Wireless technologies include, for example, microwave, packet radio (UHF/VHF), 802.11x, and Bluetooth. Wireless networks use authentication protocols (e.g., EAP/TLS, PEAP), which provide credential protection and mutual authentication. This requirement applies to operating systems that control wireless devices.

Description

Allowing devices and users to connect to the system without first authenticating them allows untrusted access and can lead to a compromise or attack. Wireless technologies include, for example, microwave, packet radio (UHF/VHF), 802.11x, and Bluetooth. Wireless networks use authentication protocols (e.g., EAP/TLS, PEAP), which provide credential protection and mutual authentication. This requirement applies to operating systems that control wireless devices.

ℹ️ Check
Verify NixOS disables Bluetooth adapters by running the following command: $ grep -R hardware.bluetooth /etc/nixos/ /etc/nixos/configuration.nix:hardware.bluetooth.enable = false; If "hardware.bluetooth.enable", does not equal false, is missing, or is commented out, this is a finding.

✔️ Fix
Configure the audit service to disable Bluetooth adapters. Add the following Nix code to the NixOS Configuration, usually located in /etc/nixos/configuration.nix or /etc/nixos/flake.nix: hardware.bluetooth.enable = false; Rebuild and switch to the new NixOS configuration: $ sudo nixos-rebuild switch