Apple iOS/iPadOS 26 must implement the management setting: disable the Bluetooth radio.

Severity	Group ID	Group Title	Version	Rule ID	Date	STIG Version
medium	V-278852	PP-MDF-993300	AIOS-26-018200	SV-278852r1151255_rule	2025-12-01	1

Description
Authorizing Official (AO) approval is required before the Apple device Bluetooth radio can be enabled. All AO approvals should be documented and based on critical mission need. Use of Bluetooth may lead to the exposure of sensitive DOD information in some operational environments. SFR ID: FMT_SMF.1.1 #47

ℹ️ Check
Determine if the site AO has approved the use of Apple device Bluetooth radios. Look for a document showing AO approval. All AO approvals should be documented and based on critical mission need. If not approved, review configuration settings on the MDM server to confirm Bluetooth modification has been disabled, and on the Apple iPhone or iPad, verify Bluetooth cannot be enabled. If approved, this requirement is not applicable. This is a supervised-only control. If the iPhone or iPad being reviewed is not supervised by the MDM, this control is automatically a finding (if the AO has not approved the use of the Apple device Bluetooth radio). If the iPhone or iPad being reviewed is supervised by the MDM, follow these procedures: This check procedure is performed on both the device management tool and managed iPhone or iPad. Note: If an organization has multiple configuration profiles, the check procedure must be performed on the relevant configuration profiles applicable to the scope of the review. In the iOS management tool, verify the Bluetooth setting cannot be modified ("allowBluetoothModification" set to "false") in the configuration profile. On the managed Apple iPhone or iPad, verify the Bluetooth radio is disabled and cannot be enabled: (Settings >> Bluetooth) If the AO has not approved the use Bluetooth and Bluetooth modification has not been disabled in the device's MDM configuration profile or Bluetooth can be enabled on the Apple device, this is a finding.

ℹ️ Check

Determine if the site AO has approved the use of Apple device Bluetooth radios. Look for a document showing AO approval. All AO approvals should be documented and based on critical mission need. If not approved, review configuration settings on the MDM server to confirm Bluetooth modification has been disabled, and on the Apple iPhone or iPad, verify Bluetooth cannot be enabled. If approved, this requirement is not applicable. This is a supervised-only control. If the iPhone or iPad being reviewed is not supervised by the MDM, this control is automatically a finding (if the AO has not approved the use of the Apple device Bluetooth radio). If the iPhone or iPad being reviewed is supervised by the MDM, follow these procedures: This check procedure is performed on both the device management tool and managed iPhone or iPad. Note: If an organization has multiple configuration profiles, the check procedure must be performed on the relevant configuration profiles applicable to the scope of the review. In the iOS management tool, verify the Bluetooth setting cannot be modified ("allowBluetoothModification" set to "false") in the configuration profile. On the managed Apple iPhone or iPad, verify the Bluetooth radio is disabled and cannot be enabled: (Settings >> Bluetooth) If the AO has not approved the use Bluetooth and Bluetooth modification has not been disabled in the device's MDM configuration profile or Bluetooth can be enabled on the Apple device, this is a finding.

✔️ Fix
If the AO has not approved the use of the Apple device Bluetooth radio, install a configuration profile to disable Bluetooth use. This is a supervised-only control. There are two steps to this procedure: 1. MDM sends a device command to site managed Apple devices to disable Bluetooth. 2. Include the key "allowBluetoothModification" set to "false" in the configuration profile installed on site managed Apple devices.

✔️ Fix

If the AO has not approved the use of the Apple device Bluetooth radio, install a configuration profile to disable Bluetooth use. This is a supervised-only control. There are two steps to this procedure: 1. MDM sends a device command to site managed Apple devices to disable Bluetooth. 2. Include the key "allowBluetoothModification" set to "false" in the configuration profile installed on site managed Apple devices.