Are you trying to understand the 3.13.7, “Split Tunneling” Security Requirement in NIST SP 800-171 Rev 2 (and draft Rev 3)?
Like all of the requirements, there are nuances in the actual Security Requirement, “Prevent remote devices from simultaneously establishing non-remote connections with organizational systems and communicating via some other connection to resources in external networks (i.e., split tunneling).”
In this episode of “As the CMMC Churns,” we take a look at the keywords (e.g., remote devices, simultaneous, non-remote connections, et al.) and describe how the requirement, when implemented, operates as intended.
We will also discuss how a good firewall/VPN concentrator operates to securely implement “Disabled Split Tunneling” while minimizing latency impact to components of your system that are not behind your firewall (e.g., Microsoft Teams).
A Whitepaper version of this is available at https://peakinfosec.com/information-security/compliance/dfards-and-nist-sp-800-171/split_tunneling/.
============================================================
Peak InfoSec Homepage: https://peakinfosec.com
As the CMMC Churns Episodes: https://peakinfosec.com/as-the-cmmc-churns/
Contact Peak InfoSec for Support: https://peakinfosec.com/contact/
Email: cmmc.services@peakinfosec.us
============================================================