diff --git a/defaults/main.yml b/defaults/main.yml
index 0b53c600..9d71a1ce 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -169,6 +169,7 @@ num_logs: 5 # V-38636
 # Set these booleans to 'yes' to disable the kernel module (following the
 # STIG requirements). Set the boolean to 'no' to ensure no changes are made.
 disable_module:
+ bluetooth: yes # V-38682
 dccp: yes # V-38514
 rds: yes # V-38516
 sctp: yes # V-38515
diff --git a/doc/source/developer-notes/V-38682.rst b/doc/source/developer-notes/V-38682.rst
new file mode 100644
index 00000000..61ef5c05
--- /dev/null
+++ b/doc/source/developer-notes/V-38682.rst
@@ -0,0 +1,9 @@
+The Ansible task will disable the bluetooth kernel modules to meet the STIG
+requirements. To opt-out of this change, adjust the following Ansible variable
+to ``no``:
+
+.. code-block:: yaml
+
+ disable_bluetooth_module: no
+
+**NOTE:** The module will be disabled on the next system reboot.
diff --git a/files/V-38682-modprobe.conf b/files/V-38682-modprobe.conf
new file mode 100644
index 00000000..5e2ffbc3
--- /dev/null
+++ b/files/V-38682-modprobe.conf
@@ -0,0 +1,4 @@
+# File managed by openstack-ansible-security
+# Fixes RHEL 6 STIG V-38682
+install net-pf-31 /bin/true
+install bluetooth /bin/true
diff --git a/tasks/kernel.yml b/tasks/kernel.yml
index 109ae2de..7d7a17b6 100644
--- a/tasks/kernel.yml
+++ b/tasks/kernel.yml
@@ -148,3 +148,13 @@
 - kernel
 - cat2
 - V-38517
+
+- name: V-38682 - Disable bluetooth module
+ copy:
+ src: V-38682-modprobe.conf
+ dest: /etc/modprobe.d/disable-bluetooth.conf
+ when: disable_module['bluetooth'] | bool
+ tags:
+ - kernel
+ - cat2
+ - V-38682
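Review bot: The two `install … /bin/true` lines in V-38682-modprobe.conf only stop modprobe from satisfying future load requests; a `bluetooth` module that is already loaded when the file is written stays loaded, so the host is not actually compliant until the reboot the developer note mentions. The file should also explain why `net-pf-31` appears at all, since the name is opaque to most readers: `# net-pf-31 is the alias the kernel requests for PF_BLUETOOTH sockets; overriding it keeps socket() from autoloading bluetooth`. If a no-reboot path is wanted later, the play would need to unload the module explicitly after this file lands, and the STIG check should be verified against `lsmod` output rather than just the presence of the conf file.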
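Review bot: The opt-out documented in the new V-38682.rst hunk does not match the condition on the `when:` line of this task: the doc tells operators to set `disable_bluetooth_module: no`, while the task reads `disable_module['bluetooth'] | bool`, the key added under `disable_module` in the defaults/main.yml hunk. An operator following the note would leave bluetooth disabled while believing they had opted out, and nothing in the play would warn them. The developer note should show the nested form, `disable_module:` followed by `  bluetooth: no`, matching how the other disable_module entries are overridden. The task copies the file without an explicit `mode`; if the other copy tasks in this file set one, this task should match them.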