Title

Apple visionOS 2 must disable ChatGPT connection for Apple Intelligence. (Cat II impact)

Discussion

The ChatGPT feature of Apple Intelligence allows DOD information to be downloaded from the DOD Vision Pro and processed by the ChatGPT application in the cloud. The ChatGPT feature of Apple Intelligence increases the risk of compromise of sensitive DOD information. SFR ID: FMT_MOF_EXT.1.2 #47

Check Content

This check procedure is performed on the device management tool and the device. Note: If an organization has multiple configuration profiles, the check procedure must be performed on the relevant configuration profiles applicable to the scope of the review. In the visionOS management tool, verify the following controls are set to Disable (the text may vary, depending on the UEM/MDM product): -Allow External Intelligence Integrations. -Allow External Intelligence Integrations Sign In. On the Vision Pro (Apple Intelligence capable device only): 1. Settings >> Apple Intelligence & Siri >> ChatGPT. 2. Verify "ChatGPT" is grayed out and disabled. If ChatGPT and other external AI app connections are not disabled in the management tool or are not grayed out and disabled on the Vision Pro, this is a finding.

Fix Text

Install a configuration profile to disable ChatGPT and other external AI app connections for Apple Intelligence. -Set "allowExternalIntelligenceIntegrations" to "False". -Set "allowExternalIntelligenceIntegrationsSignIn" to "False".

Additional Identifiers

Rule ID: SV-276414r1147116_rule

Vulnerability ID: V-276414

Group Title: PP-MDF-993300

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.