Remove Unnecessary Bluetooth Pairings on Devices
Remove Bluetooth pairings on certain mobile devices when they are no longer needed.
Plain language
This control is about managing Bluetooth connections on mobile devices like smartphones and tablets. It's important because if you leave old Bluetooth pairings active, someone with bad intentions could connect to your device without you knowing, especially if those devices handle sensitive information. Removing unnecessary connections helps keep your information secure.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
NC, OS, P
ISM last updated
Nov 2024
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Guideline
Guidelines for enterprise mobilitySection
Mobile device usageOfficial control statement
Bluetooth pairings for non-classified, OFFICIAL: Sensitive and PROTECTED mobile devices are removed when there is no longer a requirement for their use.
Why it matters
If unnecessary Bluetooth pairings remain, nearby devices may reconnect or be spoofed, enabling unauthorised access or data exposure on mobile devices.
Operational notes
Review saved Bluetooth pairings on OFFICIAL: Sensitive and PROTECTED mobile devices and delete any that are no longer required, including after staff or device changes.
Implementation tips
- IT team should review Bluetooth pairings regularly: Check the Bluetooth settings on all work mobile devices to remove any pairings that are no longer needed. Do this by accessing the Bluetooth menu and selecting the 'Forget' or 'Remove' option for outdated devices.
- Office manager should remind staff: Send a monthly reminder email to all staff asking them to check and clean up Bluetooth connections on their work devices. Provide simple instructions on how to do this step-by-step.
- System administrator should enforce pairing policies: Create a policy that requires automatic disconnection of inactive Bluetooth devices after a certain period. Configure device settings to ensure this is applied uniformly across all organisation devices.
- Security officer should verify device compliance: Regularly audit mobile devices to ensure old Bluetooth connections have been removed. Use device management software to help track and report compliance.
- Training lead should educate staff: Conduct quarterly training on the risks of unused Bluetooth connections and how to safely manage them. Use real-world examples to illustrate potential security breaches from old pairings.
Audit / evidence tips
- AskThe Bluetooth management policy: Request the document outlining how Bluetooth connections are handled on mobile devices GoodIncludes clear instructions and timelines for reviewing connections
- AskDevice activity logs: Request logs from the device management system showing Bluetooth activity GoodIncludes regular unpairing actions that align with the policy
- AskStaff training records: Request records showing staff attendance at relevant training sessions GoodIs consistent staff participation and relevant training materials
- AskSecurity audit reports: Request recent audit results that include checks on Bluetooth pairings GoodIncludes few or no instances of outdated pairings being flagged
- AskMobile device compliance reports: Require reports on the status of Bluetooth settings across all devices GoodShows high compliance rates and proactive follow-up
Cross-framework mappings
How ISM-1199 relates to controls across ISO/IEC 27001, ISO/IEC 42001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| layers Partially meets (1) expand_less | ||
| Annex A 8.1 | ISM-1199 requires Bluetooth pairings to be removed from non-classified, OFFICIAL: Sensitive and PROTECTED mobile devices when they are no... | |
| sync_alt Partially overlaps (1) expand_less | ||
| Annex A 5.18 | ISM-1199 requires Bluetooth pairings to be removed from relevant mobile devices once there is no longer a business requirement | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.