Apple visionOS 2 users must complete required training.

Severity	Group ID	Group Title	Version	Rule ID	Date	STIG Version
medium	V-276400	PP-MDF-993300	AVOS-02-011900	SV-276400r1148316_rule	2025-09-30	1

Description
The security posture on visionOS devices requires the device user to configure several required policy rules on their device. User-Based Enforcement (UBE) is required for these controls. In addition, if the authorizing official (AO) has approved users' full access to the Apple App Store, users must receive training on risks. If a user is not aware of their responsibilities and does not comply with UBE requirements, the security posture of the visionOS mobile device and DOD sensitive data may become compromised. SFR ID: NA

Description

The security posture on visionOS devices requires the device user to configure several required policy rules on their device. User-Based Enforcement (UBE) is required for these controls. In addition, if the authorizing official (AO) has approved users' full access to the Apple App Store, users must receive training on risks. If a user is not aware of their responsibilities and does not comply with UBE requirements, the security posture of the visionOS mobile device and DOD sensitive data may become compromised. SFR ID: NA

ℹ️ Check
Review a sample of site User Agreements for visionOS device users or similar training records and training course content. Verify Vision Pro users have completed required training. If any Vision Pro user has not completed required training, this is a finding.

✔️ Fix
Have all Vision Pro users complete training on the following topics. Users must acknowledge receipt of training via a signed User Agreement or similar written record. Training topics: - Operational security concerns introduced by unmanaged applications, including applications using global positioning system (GPS) tracking. - Must ensure no DOD data is saved in an unmanaged app or transmitted from a personal app (for example, from personal email). - If the Purebred key management app is used, users are responsible for always maintaining positive control of their credentialed device. The DOD PKI certificate policy requires subscribers to maintain positive control of the devices that contain private keys and report any loss of control so the credentials can be revoked. Upon device retirement, turn in, or reassignment, ensure a factory data reset is performed prior to device handoff. Follow mobility service provider decommissioning procedures as applicable. - How to configure the following UBE controls (users must configure the control) and other controls on the Vision Pro: Never enable Guest User Mode. Use is prohibited. Never enable Developer Mode. Use is prohibited. - AO guidance on acceptable use and restrictions, if any, on downloading and installing personal apps and data (music, photos, etc.). - The Developer Strap must not be used with a DOD Vision Pro device without the explicit approval of the AO. - How to disable Bluetooth when Bluetooth use is not approved by the AO.

✔️ Fix

Have all Vision Pro users complete training on the following topics. Users must acknowledge receipt of training via a signed User Agreement or similar written record. Training topics: - Operational security concerns introduced by unmanaged applications, including applications using global positioning system (GPS) tracking. - Must ensure no DOD data is saved in an unmanaged app or transmitted from a personal app (for example, from personal email). - If the Purebred key management app is used, users are responsible for always maintaining positive control of their credentialed device. The DOD PKI certificate policy requires subscribers to maintain positive control of the devices that contain private keys and report any loss of control so the credentials can be revoked. Upon device retirement, turn in, or reassignment, ensure a factory data reset is performed prior to device handoff. Follow mobility service provider decommissioning procedures as applicable. - How to configure the following UBE controls (users must configure the control) and other controls on the Vision Pro: ** Never enable Guest User Mode. Use is prohibited. ** Never enable Developer Mode. Use is prohibited. - AO guidance on acceptable use and restrictions, if any, on downloading and installing personal apps and data (music, photos, etc.). - The Developer Strap must not be used with a DOD Vision Pro device without the explicit approval of the AO. - How to disable Bluetooth when Bluetooth use is not approved by the AO.