visionOS 26 STIG V1R1

View as one page
STIG IDTitle
AVOS-26-001000Apple visionOS 26 must allow the administrator (MDM) to perform the following management function: enable/disable VPN protection across the device and [selection: on a per-app basis, on a per-group of applications processes basis].
AVOS-26-003000Apple visionOS 26 must not allow backup to remote systems (iCloud).
AVOS-26-003200Apple visionOS 26 must not allow backup to remote systems (iCloud document and data synchronization).
AVOS-26-003300Apple visionOS 26 must not allow backup to remote systems (iCloud Keychain).
AVOS-26-003450Apple visionOS 26 must not allow backup to remote systems (Cloud Photo Library).
AVOS-26-003600Apple visionOS 26 must not allow backup to remote systems (managed applications data stored in iCloud).
AVOS-26-006500Apple visionOS 26 must be configured to enforce a minimum password length of six characters.
AVOS-26-006600Apple visionOS 26 must be configured to not allow passwords that include more than four repeating or sequential characters.
AVOS-26-006800Apple visionOS 26 must be configured to lock the display after 15 minutes (or less) of inactivity.
AVOS-26-006900Apple visionOS 26 must be configured to not allow more than 10 consecutive failed authentication attempts.
AVOS-26-006950Apple visionOS 26 must be configured to enforce a passcode reuse prohibition of at least two generations.
AVOS-26-007000Apple visionOS 26 must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: DOD-approved commercial app repository, MDM server, mobile application store].
AVOS-26-007500Apple visionOS 26 must be configured to not display notifications when the device is locked.
AVOS-26-008400Apple visionOS 26 must be configured to display the DOD advisory warning message at startup or each time the user unlocks the device.
AVOS-26-009700Apple visionOS 26 must not allow non-DOD applications to access DOD data.
AVOS-26-009900Apple visionOS 26 must be configured to [selection: wipe protected data, wipe sensitive data] upon unenrollment from MDM.
AVOS-26-010000Apple visionOS 26 must be configured to [selection: remove Enterprise applications, remove all noncore applications (any nonfactory-installed application)] upon unenrollment from MDM.
AVOS-26-010200Apple visionOS 26 must be configured to disable ad hoc wireless client-to-client connection capability.
AVOS-26-010400Apple visionOS 26 must require a valid password be successfully entered before the mobile device data is unencrypted.
AVOS-26-010600Apple visionOS 26 must implement the management setting: not allow automatic completion of Safari browser passcodes.
AVOS-26-010800Apple visionOS 26 must implement the management setting: not allow use of Handoff.
AVOS-26-011000Apple visionOS 26 must implement the management setting: disable Allow MailDrop.
AVOS-26-011200Vision Pro must have the latest available visionOS operating system installed.
AVOS-26-011300Apple visionOS 26 must implement the management setting: use SSL for Exchange ActiveSync.
AVOS-26-011400Apple visionOS 26 must implement the management setting: not allow messages in an ActiveSync Exchange account to be forwarded or moved to other accounts in the Apple visionOS 26 Mail app.
AVOS-26-011500Apple visionOS 26 must implement the management setting: treat AirDrop as an unmanaged destination.
AVOS-26-011700Apple visionOS 26 must implement the management setting: not share location data through iCloud.
AVOS-26-011900Apple visionOS 26 users must complete required training.
AVOS-26-012000A managed photo app must be used to take and store work-related photos.
AVOS-26-012300Apple visionOS 26 must not allow managed apps to write contacts to unmanaged contacts accounts.
AVOS-26-012400Apple visionOS 26 must not allow unmanaged apps to read contacts from managed contacts accounts.
AVOS-26-012500Apple visionOS 26 must implement the management setting: disable AirDrop.
AVOS-26-012700Apple visionOS 26 must disable "Password AutoFill" in browsers and applications.
AVOS-26-013000Apple visionOS 26 must disable password sharing.
AVOS-26-013200The Apple visionOS 26 must be supervised by the MDM.
AVOS-26-013400The Apple visionOS must be configured to disable automatic transfer of diagnostic data to an external device other than an MDM service with which the device has enrolled.
AVOS-26-013500Apple visionOS must implement the management setting: not allow a user to remove Apple visionOS configuration profiles that enforce DOD security requirements.
AVOS-26-014300Apple visionOS 26 must disable "Allow network drive access in Files access".
AVOS-26-014400Apple visionOS 26 must disable connections to Siri servers for the purpose of dictation.
AVOS-26-014600Apple visionOS 26 must disable copy/paste of data from managed to unmanaged applications.
AVOS-26-014700Apple visionOS 26 must have DOD root and intermediate PKI certificates installed.
AVOS-26-015400Apple visionOS 26 must disable ChatGPT connection for Apple Intelligence.
AVOS-26-015500Apple visionOS 26 must disable the download of visionOS beta updates.
AVOS-26-015900Apple Vision Pro (AVP) hardware must not be modified to use the Developer Strap unless the authorizing official (AO) approves use on a case-by-case basis.
AVOS-26-016000Apple visionOS 26 must disable the user's ability to wipe the device.
AVOS-26-016100Apple visionOS 26 must disable the use of voice assistant (Siri) unless required to meet Section 508 compliance requirements.
AVOS-26-017200Apple visionOS 26 must disable the Apple Intelligence feature: Image Wand.
AVOS-26-017300Apple visionOS 26 must disable the Apple Intelligence feature: Image Generation.
AVOS-26-017400Apple visionOS 26 must disable the Apple Intelligence feature: generate new Genmoji.
AVOS-26-017700DOD Apple visionOS 26 devices must have a Mobile Threat Detection (MTD) app installed.
AVOS-26-018000DOD Apple visionOS 26 devices must disable screenshots and screen recordings.
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.