Secure Bluetooth Pairing for Mobile Devices
Use secure methods, such as numeric comparison, when pairing Bluetooth on sensitive mobile devices.
Plain language
When pairing a mobile device with Bluetooth, especially if the device stores sensitive information, it's important to use secure methods like checking a number on both devices. This protects your information from being intercepted by others, which could lead to data breaches or unauthorised access to your device.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
NC, OS, P
ISM last updated
Nov 2024
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Guideline
Guidelines for enterprise mobility
Section
Mobile device usage
Official control statement
Bluetooth pairing for non-classified, OFFICIAL: Sensitive and PROTECTED mobile devices is performed using Secure Connections, preferably with Numeric Comparison if supported.
Why it matters
Without Secure Connections Bluetooth pairing (preferably Numeric Comparison), nearby attackers may intercept traffic or spoof devices, exposing OFFICIAL: Sensitive/PROTECTED data.
Operational notes
Configure devices to require Secure Connections pairing and use Numeric Comparison where supported; periodically test pairing prompts and remove/deny unknown or legacy pairings.
Implementation tips
- The IT manager should ensure all staff are trained on secure Bluetooth pairing. They can do this by organising a workshop where staff can learn how to compare numbers displayed on devices during the pairing process.
- Mobile device users should always double-check that they are pairing with the correct device. This can be achieved by confirming the name of the device they are trying to connect to and ensuring it matches the one displayed on their screen.
- The cybersecurity team should enable Bluetooth Secure Connections on all devices that support it. This involves going into device settings and choosing the option for secure pairing, which often includes a numeric comparison feature.
- Procurement officers should prioritise purchasing devices that support secure Bluetooth pairing methods such as Numeric Comparison. This includes checking product specifications to ensure these features are available before purchasing.
- Managers should establish a policy that mandates secure pairing methods for devices handling sensitive information. This involves writing a simple policy document and distributing it to all staff members, describing the steps for secure pairing.
Audit / evidence tips
- Ask: the training records for staff on Bluetooth security procedures. Look to see if the records show the training included secure pairing techniques, specifically numeric comparison.
  Good: training records showing all staff attended and understood the secure pairing method
- Ask: the current mobile device policy document. Check that it includes instructions for secure pairing, specifically the use of Numeric Comparison.
  Good: a policy document that clearly states numeric comparison as the standard for Bluetooth pairing
- Good outcome: logs indicating that numeric comparison was used for every pairing
- Ask: a report on how secure Bluetooth features are being configured on devices
Cross-framework mappings
How ISM-1200 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| Partially overlaps (1) | | |
| Annex A 8.5 | ISM-1200 requires Bluetooth pairing on sensitive mobile devices to use Secure Connections and preferably Numeric Comparison to ensure the... | |
| Related (1) | | |
| Annex A 8.1 | Annex A 8.1 requires protecting information accessible via endpoint devices, including reducing the risk of unauthorised access through l... | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.