Disable Bluetooth on SECRET/TS Mobile Devices
Bluetooth must be turned off on mobile devices with SECRET or TOP SECRET information to prevent data leaks.
Plain language
This control means that Bluetooth, a way for devices to talk to each other wirelessly, should be turned off on mobile devices carrying Secret or Top Secret information. This matters because leaving Bluetooth on can make it easier for hackers to sneak in and steal sensitive data that could compromise security.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
S, TS
ISM last updated
Nov 2021
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Guideline
Guidelines for enterprise mobility
Section
Mobile device usage
Official control statement
Bluetooth functionality is not enabled on SECRET and TOP SECRET mobile devices.
Why it matters
Enabling Bluetooth on SECRET/TS mobile devices increases the risk of nearby interception, device compromise and data exfiltration over short-range links.
Operational notes
Use MDM/device policies to disable Bluetooth on all SECRET/TS mobiles; regularly audit settings, record results and quarantine any non-compliant devices.
Implementation tips
- The IT team should audit all mobile devices used for handling Secret or Top Secret information to ensure Bluetooth is disabled. This can be done by accessing the device's settings and checking that Bluetooth is turned off.
- Managers responsible for staff using mobile devices with sensitive information should communicate the importance of keeping Bluetooth off. They can do this by organising short training sessions explaining the risks and how to properly check the Bluetooth settings.
- The Security Officer should create a policy that explicitly states Bluetooth must not be used on designated mobile devices. This policy should be distributed to all relevant personnel and included in onboarding materials.
- Procurement teams should ensure that any new mobile devices purchased for handling sensitive information come with Bluetooth disabled by default. This can be confirmed with the supplier at the time of purchase.
- HR should integrate a checklist into the onboarding process, which includes verifying that Bluetooth is disabled on any mobile device provided for handling sensitive information. This ensures new staff understand and comply with security requirements from day one.
Audit / evidence tips
- Ask for the device security settings report: Request documentation showing the configuration settings for each mobile device
  Good is confirmation that Bluetooth is turned off on all relevant devices
- Good includes records showing completion by all relevant staff and materials emphasising Bluetooth risks
- Good includes a clear policy statement that Bluetooth should remain off for devices handling sensitive information
- Ask for records of procurement agreements: Review the terms of purchase for compliance with security specifications regarding Bluetooth settings
  Good is agreements that specify devices must have Bluetooth turned off by default
- Good is an updated, thorough checklist with a specific item about ensuring Bluetooth is disabled
Cross-framework mappings
How ISM-0682 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| Partially meets (2) | | |
| Annex A 8.1 | ISM-0682 requires Bluetooth functionality is not enabled on SECRET and TOP SECRET mobile devices to reduce proximity-based compromise and... | |
| Annex A 8.12 | ISM-0682 requires Bluetooth functionality is not enabled on SECRET and TOP SECRET mobile devices to prevent data leakage via wireless pai... | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.