Check: WIR-MOS-PDA-034-04
PDA STIG (STIG): WIR-MOS-PDA-034-04 (in version v6 r8)
Title
Wireless PDA VPNs must operate with split tunneling disabled. (Cat II impact)
Discussion
DoD data could be compromised if transmitted data is not secured with a compliant VPN.
Check Content
This check is not applicable if the installed VPN client is not used for remote access to DoD networks.
Interview the IAO and/or site wireless device administrator and inspect a sample (3-4) of site devices. Check to see if the VPN has a setting to disable split tunneling. The following test can also be done:
1. Connect to the Internet using the PDA browser.
2. Launch the VPN client and connect to the DoD network.
3. Check to see if the browser is still connected to the Internet. If yes, split tunneling is not disabled.
Mark as a finding if split tunneling is not disabled on all PDA VPN clients as the default configuration setting.
Fix Text
Comply with requirement.
Additional Identifiers
Rule ID: SV-31708r1_rule
Vulnerability ID: V-19899
Group Title: Remote access VPN - split tunneling
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |