diff --git a/components/bt/controller/esp32c3/Kconfig.in b/components/bt/controller/esp32c3/Kconfig.in
index 5f742e30d4..01fae35153 100644
--- a/components/bt/controller/esp32c3/Kconfig.in
+++ b/components/bt/controller/esp32c3/Kconfig.in
@@ -543,3 +543,10 @@ config BT_CTRL_BLE_SCAN
     depends on BT_CTRL_RUN_IN_FLASH_ONLY
     bool "Enable BLE scan feature"
     default y
+config BT_CTRL_CHECK_CONNECT_IND_ACCESS_ADDRESS
+    bool "Enable enhanced Access Address check in CONNECT_IND"
+    default n
+    help
+        Enabling this option will add stricter verification of the Access Address in the CONNECT_IND PDU.
+        This improves security by ensuring that only connection requests with valid Access Addresses are accepted.
+        If disabled, only basic checks are applied, improving compatibility.
diff --git a/components/bt/controller/esp32c3/bt.c b/components/bt/controller/esp32c3/bt.c
index 0ae0f53145..3f007f8728 100644
--- a/components/bt/controller/esp32c3/bt.c
+++ b/components/bt/controller/esp32c3/bt.c
@@ -274,6 +274,7 @@ extern void ets_backup_dma_copy(uint32_t reg, uint32_t mem_addr, uint32_t num, b
 #endif
 
 extern void btdm_cca_feature_enable(void);
+extern void btdm_aa_check_enhance_enable(void);
 
 extern uint32_t _bt_bss_start;
 extern uint32_t _bt_bss_end;
@@ -990,6 +991,9 @@ static void btdm_funcs_table_ready_wrapper(void)
 #if BT_BLE_CCA_MODE == 2
     btdm_cca_feature_enable();
 #endif
+#if BLE_CTRL_CHECK_CONNECT_IND_ACCESS_ADDRESS_ENABLED
+    btdm_aa_check_enhance_enable();
+#endif
 }
 
 bool bt_async_wakeup_request(void)
diff --git a/components/bt/controller/lib_esp32c3_family b/components/bt/controller/lib_esp32c3_family
index d23ae97bb9..c57c0b11c3 160000
--- a/components/bt/controller/lib_esp32c3_family
+++ b/components/bt/controller/lib_esp32c3_family
@@ -1 +1 @@
-Subproject commit d23ae97bb91d66e08c58bfaabaeed0a5ba7b7b5d
+Subproject commit c57c0b11c3c0065a16b66685715100a189ef9b27
diff --git a/components/bt/include/esp32c3/include/esp_bt.h b/components/bt/include/esp32c3/include/esp_bt.h
index aaffa58e87..ab5ebc20ed 100644
--- a/components/bt/include/esp32c3/include/esp_bt.h
+++ b/components/bt/include/esp32c3/include/esp_bt.h
@@ -287,6 +287,12 @@ typedef void (* esp_bt_hci_tl_callback_t) (void *arg, uint8_t status);
 #define BT_CTRL_BLE_SCAN     (1)
 #endif // (BT_CTRL_RUN_IN_FLASH_ONLY == 1)
 
+#ifdef CONFIG_BT_CTRL_CHECK_CONNECT_IND_ACCESS_ADDRESS
+#define BLE_CTRL_CHECK_CONNECT_IND_ACCESS_ADDRESS_ENABLED CONFIG_BT_CTRL_CHECK_CONNECT_IND_ACCESS_ADDRESS
+#else
+#define BLE_CTRL_CHECK_CONNECT_IND_ACCESS_ADDRESS_ENABLED 0
+#endif
+
 #define BT_CONTROLLER_INIT_CONFIG_DEFAULT() {                              \
     .magic = ESP_BT_CTRL_CONFIG_MAGIC_VAL,                                 \
     .version = ESP_BT_CTRL_CONFIG_VERSION,                                 \
@@ -332,6 +338,7 @@ typedef void (* esp_bt_hci_tl_callback_t) (void *arg, uint8_t status);
     .qa_test = BT_CTRL_BLE_TEST,                                           \
     .master_en = BT_CTRL_BLE_MASTER,                                       \
     .scan_en = BT_CTRL_BLE_SCAN,                                           \
+    .ble_aa_check = BLE_CTRL_CHECK_CONNECT_IND_ACCESS_ADDRESS_ENABLED,     \
 }
 
 #else
@@ -413,6 +420,7 @@ typedef struct {
     bool qa_test;                           /*!< Controller QA test feature is enabled or not */
     bool master_en;                         /*!< Controller master feature is enabled or not */
     bool scan_en;                           /*!< Controller scan feature is enabled or not */
+    bool ble_aa_check;                      /*!< True if adds a verification step for the Access Address within the CONNECT_IND PDU; false otherwise. Configurable in menuconfig */
 } esp_bt_controller_config_t;
 
 /**