Are you trying got understand the 3.13.7, “Split Tunneling” Security Requirement in NIST SP 800-171 Rev 2 (and draft Rev 3??

Like all of the requirements, there are nuances in the actual Security Requirement, “Prevent remote devices from simultaneously establishing non-remote connections with organizational systems and communicating via some other connection to resources in external networks (i.e., split tunneling).”

In this “As the CMMC Churns” we take a look at the keywords (e.g., remote devices, simultaneous, non-remote connections, et al) and describe how the requirement, when implemented operates as intended.

We will also discuss how a good firewall/VPN concentrator operates to securely implement “Disabled Split Tunneling” while minimizing latency impact to components of your system, not behind your firewall (e.g., Microsoft Teams).

A Whitepaper version of this is available at


Peak InfoSec Homepage:

As the CMMC Churns Episodes:

Contact Peak InfoSec for Support:

Email: ============================================================