Check: SRC-EPT-800
SRC - Remote Endpoint: SRC-EPT-800 (in version v2 r7)
Title
The VPN client on the endpoint device will be configured to disable or disallow split tunneling. (Cat II impact)
Discussion
Split tunneling needs to be disabled so traffic is not visible to two networks at the same time. This means that printing for teleworkers will not be available. (Remote Only)
Check Content
Execute the software’s dialer applet from the Programs menu. The selections may vary depending on the products used for the VPN client. Verify that split tunneling is disabled or that tunneling is enabled in the Properties dialog box. Upon the establishment of a VPN connection to a DOD network, no other connections of any kind will be established. Next, verify that the setting for “local LAN access” is not selected. For example, if home networks are used, no connection between the device and other home network devices will be established during a VPN session. If Split Tunneling is used for VPN communications or if local LAN access is permitted, even for printing purposes, this is a finding.
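As a cross-check on the dialog settings above, the following added example (not part of the original check or of any VPN product) audits an IPv4 route table captured while the VPN is connected: it flags a default route that does not use the VPN interface and any local subnet still routed over another interface. The `route print`-style rows, the addresses 10.8.0.6 and 203.0.113.10, and the function names are constructed assumptions; the result is a heuristic, because some clients enforce these settings with packet filters rather than routes.

```python
import ipaddress

# Constructed "route print"-style IPv4 rows, captured with the VPN connected:
# destination, netmask, gateway, interface address, metric.
SPLIT = """
0.0.0.0       0.0.0.0          192.168.1.1  192.168.1.50  25
10.0.0.0      255.0.0.0        On-link      10.8.0.6      5
192.168.1.0   255.255.255.0    On-link      192.168.1.50  281
203.0.113.10  255.255.255.255  192.168.1.1  192.168.1.50  26
"""
FULL = """
0.0.0.0       0.0.0.0          On-link      10.8.0.6      5
0.0.0.0       0.0.0.0          192.168.1.1  192.168.1.50  4250
10.8.0.6      255.255.255.255  On-link      10.8.0.6      261
203.0.113.10  255.255.255.255  192.168.1.1  192.168.1.50  26
127.0.0.0     255.0.0.0        On-link      127.0.0.1     331
224.0.0.0     240.0.0.0        On-link      192.168.1.50  281
192.168.1.50  255.255.255.255  On-link      192.168.1.50  281
"""

def parse(table):
    """Return (network, interface address, metric) for every route row."""
    rows = []
    for line in table.strip().splitlines():
        dest, mask, _gateway, iface, metric = line.split()
        rows.append((ipaddress.ip_network(f"{dest}/{mask}"),
                     ipaddress.ip_address(iface), int(metric)))
    return rows

def audit(table, vpn_if, vpn_server):
    """List routes that let traffic bypass the tunnel while the VPN is up."""
    vpn_if, vpn_server = map(ipaddress.ip_address, (vpn_if, vpn_server))
    routes, findings = parse(table), []
    # Split tunneling: the lowest-metric default route must use the VPN interface.
    best = min((r for r in routes if r[0].prefixlen == 0),
               key=lambda r: r[2], default=None)
    if best is None or best[1] != vpn_if:
        findings.append("split-tunnel: default route does not use the VPN interface")
    broadcasts = {n.broadcast_address for n, _, _ in routes if n.prefixlen < 32}
    for net, iface, _ in routes:
        addr = net.network_address
        if net.prefixlen == 0 or iface == vpn_if or iface.is_loopback:
            continue  # defaults handled above; VPN and loopback are expected
        if addr.is_multicast or addr.is_reserved or addr in broadcasts:
            continue  # multicast and broadcast entries
        if net.prefixlen == 32 and addr in (vpn_server, iface):
            continue  # the tunnel's own path to the server, and our own address
        findings.append(f"local-lan: {net} reachable via {iface}")
    return findings
```

Calling `audit(SPLIT, "10.8.0.6", "203.0.113.10")` reports both conditions the check treats as a finding, while the same call on `FULL` returns an empty list.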
Fix Text
Configure the VPN so that split tunneling is disabled.
Additional Identifiers
Rule ID: SV-6819r1_rule
Vulnerability ID: V-6671
Group Title:
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |