SC.3.184 Prevent remote devices from simultaneously establishing non-remote connections with organizational systems and communicating via some other connection to resources in external networks (i.e., split tunneling).

CMMC CLARIFICATION (Ref CMMC – Appendix B)

Split tunneling for a remote user utilizes two connections: accessing resources on the organization’s network via a VPN and simultaneously accessing an external network such as the public network or the Internet. Split tunneling introduces a vulnerability where an open unencrypted connection from the public network could allow an adversary to access resources on the network. As a mitigation strategy, the split tunneling setting should be disabled on all devices so that all traffic, including traffic for external networks or the Internet, goes through the organization’s VPN.
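One way to verify this mitigation on a Linux client, as an added example that is not part of the CMMC text: the script parses `ip -4 route show` output and reports any IPv4 prefixes that would still leave the device outside the VPN interface. The routing tables, interface names, addresses, and exemption list are constructed assumptions; the full-tunnel sample follows the route layout OpenVPN's `redirect-gateway def1` produces.

```python
import ipaddress

# Constructed sample routing tables (output of `ip -4 route show`).
FULL_TUNNEL = """
default via 192.168.1.1 dev wlan0
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.50
203.0.113.10 via 192.168.1.1 dev wlan0
"""
SPLIT_TUNNEL = """
default via 192.168.1.1 dev wlan0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
10.20.0.0/16 via 10.8.0.1 dev tun0
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.50
"""

def parse_routes(text):
    """Parse `ip -4 route show` output into (network, device) pairs."""
    routes = []
    for line in text.strip().splitlines():
        fields = line.split()
        if "dev" not in fields:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        routes.append((ipaddress.ip_network(dest), fields[fields.index("dev") + 1]))
    return routes

def leaked_prefixes(route_text, vpn_dev, exempt=()):
    """Return IPv4 prefixes that still egress outside the tunnel (IPv6 not checked)."""
    routes = parse_routes(route_text)
    vpn_nets = [net for net, dev in routes if dev == vpn_dev]
    allowed = [ipaddress.ip_network(e) for e in exempt]  # e.g. the VPN endpoint itself
    leaks = []
    for prefix, dev in routes:
        if dev == vpn_dev or any(prefix.subnet_of(a) for a in allowed):
            continue
        remaining = [prefix]
        # Longest-prefix match: a more specific VPN route overrides this one.
        for vpn in vpn_nets:
            if vpn == prefix or not vpn.subnet_of(prefix):
                continue
            nxt = []
            for net in remaining:
                if not net.subnet_of(vpn):
                    nxt.extend(net.address_exclude(vpn) if vpn.subnet_of(net) else [net])
            remaining = nxt
        leaks.extend(remaining)
    return leaks
```

An empty result means every non-exempt destination resolves to the tunnel interface; whether the on-link LAN subnet belongs in the exemption list is a policy decision.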