SC.L2-3.13.7 Split Tunneling

CMMC Practice SC.L2-3.13.7 – Split Tunneling: Prevent remote devices from simultaneously establishing non-remote connections with organizational systems and communicating via some other connection to resources in external networks (i.e., split tunneling).

Split tunneling gives a remote user two simultaneous connections: one to resources on the organization’s network via a VPN, and one to an external network such as the public network or the Internet. This introduces a vulnerability: an open, unencrypted connection from the public network could allow an adversary to access resources on the organization’s network. As a mitigation strategy, the split tunneling setting should be disabled on all devices so that all traffic, including traffic for external networks or the Internet, goes through the organization’s VPN.
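
One way to audit client VPN profiles against this practice, as an added example that is not part of the CMMC text: it assumes WireGuard `wg-quick` profiles (the practice names no VPN product), where `AllowedIPs` lists the prefixes routed into the tunnel, and reports each IP version whose address space is not fully covered. The profiles and the endpoint name are constructed samples.

```python
import ipaddress

# Full-tunnel targets: the entire IPv4 and IPv6 address space.
FULL = {4: ipaddress.ip_network("0.0.0.0/0"), 6: ipaddress.ip_network("::/0")}

# Constructed sample profiles (placeholder endpoint, keys omitted).
PROFILE = ("[Interface]\nAddress = 10.8.0.2/24\n"
           "[Peer]\nEndpoint = vpn.example.org:51820\nAllowedIPs = {}\n")
SPLIT_CONF = PROFILE.format("10.0.0.0/8, 192.168.10.0/24")  # internal ranges only
V4_ONLY_CONF = PROFILE.format("0.0.0.0/1, 128.0.0.0/1")     # IPv6 bypasses the VPN
FULL_CONF = PROFILE.format("0.0.0.0/0, ::/0")               # everything tunneled


def allowed_networks(conf_text):
    """Collect every AllowedIPs prefix from all [Peer] sections."""
    nets, section = [], None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "peer" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key.lower() == "allowedips":
                nets += [ipaddress.ip_network(v.strip(), strict=False)
                         for v in value.split(",") if v.strip()]
    return nets


def split_tunnel_findings(conf_text):
    """Return the IP versions (4, 6) whose traffic can bypass the tunnel."""
    nets = allowed_networks(conf_text)
    findings = []
    for version, full in FULL.items():
        # Merge adjacent prefixes so 0.0.0.0/1 + 128.0.0.0/1 counts as 0.0.0.0/0.
        merged = list(ipaddress.collapse_addresses(
            n for n in nets if n.version == version))
        if merged != [full]:
            findings.append(version)
    return findings


if __name__ == "__main__":
    for name, conf in [("split", SPLIT_CONF), ("v4-only", V4_ONLY_CONF),
                       ("full", FULL_CONF)]:
        leaks = split_tunnel_findings(conf)
        print(name, "full tunnel" if not leaks else f"split tunnel, IPv{leaks}")
```

The check reads only what the profile requests; confirm the result against the routing table on the device itself.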