Title

Apple visionOS 2 must implement the management setting: disable the Bluetooth radio. (Cat II impact)

Discussion

Authorizing Official (AO) approval is required before the Apple device Bluetooth radio can be enabled. All AO approvals should be documented and based on critical mission need. Use of Bluetooth may lead to the exposure of sensitive DOD information in some operational environments.

Check Content

Determine if the site AO has approved the use of Apple device Bluetooth radios. Look for a document showing AO approval. All AO approvals should be documented and based on critical mission need. If not approved, review configuration settings on the Vision Pro to confirm Bluetooth is disabled. If approved, this requirement is not applicable. If the AO has not approved the use Bluetooth and Bluetooth is not disabled on the Vision Pro device, this is a finding.

Fix Text

If the AO has not approved the use of the Apple device Bluetooth radio, disable Bluetooth use. This requirement is Not Applicable if the AO has approved Bluetooth use. There are two steps to this procedure: 1. MDM sends a device command to site-managed Apple devices to disable Bluetooth during initial setup of device. 2. User is trained to always keep Bluetooth disabled. This requirement is covered in AVOS-02-011900. This is a User-Based Enforcement (UBE) requirement.

Additional Identifiers

Rule ID: SV-279327r1148314_rule

Vulnerability ID: V-279327

Group Title: PP-MDF-993300

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.