2.1.1 Ensure Show Bluetooth Status in Menu Bar Is Enabled

Information

By showing the Bluetooth status in the menu bar, a small Bluetooth icon is placed in the menu bar. This icon quickly shows the status of Bluetooth, and can allow the user to quickly turn Bluetooth on or off.

Rationale:

Enabling 'Show Bluetooth status in menu bar' is a security awareness method that helps understand the current state of Bluetooth, including whether it is enabled, discoverable, what paired devices exist, and what paired devices are currently active.

Impact:

Bluetooth is a useful wireless tool that has been widely exploited when configured improperly. The user should have insight into the Bluetooth status.

Solution

Graphical Method:
Perform the following steps to enable Bluetooth status in the menu bar:

Open System Preferences

Select Bluetooth

Set Show Bluetooth in menu bar to enabled

Terminal Method:
For each user, run the following command to enable Bluetooth status in the menu bar:

$ /usr/bin/sudo -u <username> /usr/bin/defaults write /Users/<username>/Library/Preferences/com.apple.systemuiserver menuExtras -array-add '/System/Library/CoreServices/Menu Extras/Bluetooth.menu'

example:

$ /usr/bin/sudo -u firstuser /usr/bin/defaults write /Users/firstuser/Library/Preferences/com.apple.systemuiserver menuExtras -array-add '/System/Library/CoreServices/Menu Extras/Bluetooth.menu'

Note: If the remediation is run multiple times, multiple instances of the Bluetooth status will appear after rebooting the system. Command-click and drag the unwanted icons off the menu bar.

See Also

https://workbench.cisecurity.org/files/4176

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6, 800-53|CM-7, CSCv7|9.2

Plugin: Unix

Control ID: ba7945992b365e5899a39c96e64d022e3580db36632280c0f064c249170e2274