diff --git a/pages/apple-silicon/faq.mdx b/pages/apple-silicon/faq.mdx
index 0b0e9cbb36..b5a719bda9 100644
--- a/pages/apple-silicon/faq.mdx
+++ b/pages/apple-silicon/faq.mdx
@@ -64,3 +64,10 @@ Yes, you can now activate the Private Networks feature on your Mac mini, and att
 [FileVault](https://support.apple.com/fr-fr/guide/mac-help/flvlt001/15.0/mac/15.0) is a macOS feature that encrypts your disk to protect your data. However, enabling FileVault requires entering a security key or password to unlock the disk and fully boot macOS. As a result, remote services such as Remote Desktop and SSH are unavailable until the key is entered.
 
 For a hosted Mac mini, this means remote connections cannot be established without physical access to the machine to input the FileVault security key or user password, making FileVault impractical for remotely managed systems.
+
+### Can I disable System Integrity Protection (SIP) on a hosted Mac mini?
+
+It is not possible to disable SIP on a hosted Mac mini. Disabling SIP requires **physical access to the machine** because of macOS’s security model, which involves pressing the Mac’s power button to adjust security settings.
+
+If your application depends on SIP being disabled, the recommended workaround is to **run macOS in a virtual machine** where SIP can be disabled. We suggest using [UTM](/apple-silicon/how-to/setup-vm-with-utm/#installating-utm), an open-source virtualization solution for macOS. Detailed instructions on disabling SIP in UTM are available [here](https://docs.getutm.app/advanced/recovery/).
+