SC.L2-3.13.7—Split Tunneling
Level 2
800-171: 3.13.7
Control Description
Prevent remote devices from simultaneously establishing non-remote connections with organizational systems and communicating via some other connection to resources in external networks (i.e., split tunneling).
Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- What is your policy prohibiting split tunneling?
- How do you technically enforce split tunneling prevention?
- What is your process for verifying remote access connections don't allow split tunneling?
- Who is responsible for configuring and monitoring split tunneling controls?
Technical Implementation:
- What VPN configurations prevent split tunneling?
- How do you technically enforce that all traffic goes through VPN?
- What endpoint controls prevent simultaneous connections?
- What monitoring detects split tunneling attempts?
- What VPN client settings disable split tunneling?
Evidence & Documentation:
- What network diagrams show boundary protection architecture?
- What firewall rule sets and configurations can you provide?
- What encryption implementation documentation shows FIPS-validated crypto?
- What key management procedures can you provide?
- What network segmentation documentation shows proper separation?
- What evidence shows cryptographic mechanisms protect CUI?
- What configuration documentation shows security controls are properly implemented?