If a user is able to configure the security setting, the user could inadvertently or maliciously set it to a value that poses unacceptable risk to DOD information systems. An adversary could exploit vulnerabilities created by the weaker configuration to compromise DOD sensitive information. Dictation information could contain sensitive DOD information and therefore should not leave DOD control.
SFR ID: FMT_SMF.1.1 #47
Check
If the Vision Pro being reviewed is supervised by the MDM, review configuration settings to confirm "Disable connections to Siri servers for the purpose of dictation" is disabled.
This check procedure is performed on both the device management tool and the Vision Pro.
Note: If an organization has multiple configuration profiles, the check procedure must be performed on the relevant configuration profiles applicable to the scope of the review.
In the visionOS management tool, verify "Disable connections to Siri servers for the purpose of dictation" is checked.
On the Vision Pro device: 1. Open the Settings app. 2. Tap "General". 3. Tap "VPN & Device Management". 4. Tap the Configuration Profile from the visionOS management tool containing the restrictions policy. 5. Tap "Restrictions". 6. Verify "Dictation processes voice inputs on Apple Vision Pro" is not listed.
If connections to Siri servers are not disabled for dictation in the management tool, and "Dictation processes voice inputs on Apple Vision Pro" is listed in Profile Restrictions on the Apple device, this is a finding.
Fix
Configure the Apple visionOS configuration profile to disable connections to Siri servers for the purpose of dictation. This is a supervised-only control.
The procedure for implementing this control will vary depending on the MDM/EMM used by the mobile service provider.
In the MDM console, select "disable connections to Siri servers for the purpose of dictation".