User Awareness Process

Vendors should create a process to inform end users about both security functionality, security incidents, and available security updates.

Users must be made aware of potential inherent security problems with using the system or exposure that results from using the device
​(e.g. that data can be accessed when the device is lost or eavesdropping cannot be prevented due to very specific device use cases/design requirements).