This page is classified as INTERNAL.
NIST 800-53 (r4) Control SC-7(7), Boundary Protection | Prevent Split Tunneling for Remote Devices:
The information system, in conjunction with a remote device, prevents the device from simultaneously establishing non-remote connections with the system and communicating via some other connection to resources in external networks.
NIST 800-53 (r4) Supplemental Guidance:
This control enhancement is implemented within remote devices (e.g., notebook computers) through configuration settings to disable split tunneling in those devices, and by preventing those configuration settings from being readily configurable by users. This control enhancement is implemented within the information system by the detection of split tunneling (or of configuration settings that allow split tunneling) in the remote device, and by prohibiting the connection if the remote device is using split tunneling. Split tunneling might be desirable by remote users to communicate with local information system resources such as printers/file servers. However, split tunneling would in effect allow unauthorized external connections, making the system more vulnerable to attack and to exfiltration of organizational information. The use of VPNs for remote connections, when adequately provisioned with appropriate security controls, may provide the organization with sufficient assurance that it can effectively treat such connections as non-remote connections from the confidentiality and integrity perspective. VPNs thus provide a means for allowing non-remote communications paths from remote devices. The use of an adequately provisioned VPN does not eliminate the need for preventing split tunneling.
NIST 800-53 (r5) Discussion:
Split tunneling is the process of allowing a remote user or device to establish a non-remote connection with a system and simultaneously communicate via some other connection to a resource in an external network. This method of network access enables a user to access remote devices and simultaneously, access uncontrolled networks. Split tunneling might be desirable by remote users to communicate with local system resources, such as printers or file servers. However, split tunneling can facilitate unauthorized external connections, making the system vulnerable to attack and to exfiltration of organizational information. Split tunneling can be prevented by disabling configuration settings that allow such capability in remote devices and by preventing those configuration settings from being configurable by users. Prevention can also be achieved by the detection of split tunneling (or of configuration settings that allow split tunneling) in the remote device, and by prohibiting the connection if the remote device is using split tunneling. A virtual private network (VPN) can be used to securely provision a split tunnel. A securely provisioned VPN includes locking connectivity to exclusive, managed, and named environments, or to a specific set of preapproved addresses, without user control.
38North Guidance:
Meets Minimum Requirement:
Restrict remote access to users connecting from managed devices (e.g., corporate-issued laptops), so the organization, not the user, controls the VPN client configuration.
Disable split tunneling in the VPN client configuration on managed devices, and enforce that setting centrally so users cannot re-enable it.
Remote connections to the system must come through the corporate network over a VPN: the device first establishes the VPN session and reaches the system from inside the corporate network, never directly from the Internet.
Disable split tunneling on the VPN gateway side as well, so that the routes and policy the gateway pushes to clients do not permit a split tunnel even if a client-side setting is tampered with.
Best Practice:
Force remote connections to terminate on a hardened bastion host within the system boundary, rather than on arbitrary internal hosts.
Disable split tunneling on the bastion host as well: it must not be able to reach external networks over any path other than the remote-access connection itself, since a bastion that can bridge to the Internet re-creates the exposure this control is meant to prevent.
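The NIST discussion above says the system side can enforce this control by detecting split tunneling (or a configuration that allows it) on the remote device and refusing the connection. The following is an added example of such a posture check, not code from this page or from 38North: it parses the device's routing table and asks which interface would carry traffic to a few representative external addresses, for IPv4 and IPv6 separately, because a client that only tunnels IPv4 is still split-tunnelled. It assumes Linux `ip route show` output and a VPN interface named tun0 (both assumptions); all routing tables in the block are constructed samples.

```python
"""Routing-table check for split tunneling on a remote device.

Added example, not code from the page or from 38North. It implements the
"detection of split tunneling ... in the remote device" that the NIST
discussion describes: read the device's routing table and ask which
interface would carry traffic to representative external addresses.
Assumed (not stated on the page): Linux `ip route show` output format and a
VPN interface named tun0. All routing tables below are constructed samples.
"""
from __future__ import annotations

import ipaddress
import subprocess
from typing import NamedTuple

VPN_IFACES = {"tun0"}  # assumption: name of the VPN tunnel interface

# Representative external destinations (RFC 5737 and RFC 3849 documentation
# ranges). On a full tunnel every probe must resolve to a VPN interface; the
# IPv6 probe catches clients that tunnel only IPv4 and leak IPv6 directly.
PROBES = ("198.51.100.7", "203.0.113.99", "192.0.2.1", "2001:db8::1")


class Route(NamedTuple):
    prefix: ipaddress.IPv4Network | ipaddress.IPv6Network
    iface: str
    metric: int


def parse_routes(text: str, version: int) -> list[Route]:
    """Parse `ip -4 route show` (version=4) or `ip -6 route show` (version=6).

    Lines that do not start with a destination (route-type keywords such as
    'unreachable', indented multipath 'nexthop' lines) are skipped.
    """
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or line[0].isspace():
            continue
        dst = ("0.0.0.0/0" if version == 4 else "::/0") if parts[0] == "default" else parts[0]
        try:
            prefix = ipaddress.ip_network(dst, strict=False)  # host routes become /32 or /128
        except ValueError:
            continue
        iface = parts[parts.index("dev") + 1] if "dev" in parts else "?"
        metric = int(parts[parts.index("metric") + 1]) if "metric" in parts else 0
        routes.append(Route(prefix, iface, metric))
    return routes


def lookup(routes: list[Route], addr: str) -> Route | None:
    """Longest-prefix match, lowest metric as tie-breaker (what the kernel does)."""
    ip = ipaddress.ip_address(addr)
    matches = [r for r in routes if ip in r.prefix]  # `in` is False across address families
    if not matches:
        return None
    return min(matches, key=lambda r: (-r.prefix.prefixlen, r.metric))


def split_tunnel_findings(routes: list[Route], vpn_ifaces=VPN_IFACES, probes=PROBES) -> list[str]:
    """One finding per probe that would leave the device outside the VPN.

    A probe with no route at all is not a finding: that traffic is dropped,
    not leaked. An empty list means full tunnel for both address families.
    """
    findings = []
    for p in probes:
        r = lookup(routes, p)
        if r is not None and r.iface not in vpn_ifaces:
            findings.append(f"{p} exits via {r.iface} ({r.prefix}), bypassing the VPN")
    return findings


def is_full_tunnel(v4_table: str, v6_table: str, vpn_ifaces=VPN_IFACES) -> bool:
    routes = parse_routes(v4_table, 4) + parse_routes(v6_table, 6)
    return not split_tunnel_findings(routes, vpn_ifaces)


def live_routes() -> list[Route]:
    """Read the real tables on a Linux host (not used by the samples below)."""
    routes = []
    for fam, ver in (("-4", 4), ("-6", 6)):
        out = subprocess.run(["ip", fam, "route", "show"], capture_output=True, text=True, check=True).stdout
        routes += parse_routes(out, ver)
    return routes


# Constructed sample: OpenVPN "redirect-gateway def1" style full tunnel. The two
# /1 routes via tun0 beat the untouched DHCP default; the only off-VPN routes
# are the local LAN and the host route to the VPN server itself (203.0.113.10).
FULL_V4 = """\
0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
128.0.0.0/1 via 10.8.0.1 dev tun0
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.50 metric 600
203.0.113.10 via 192.168.1.1 dev wlan0
"""
FULL_V6 = """\
default dev tun0 metric 50 pref medium
fd00:8::/64 dev tun0 proto kernel metric 256 pref medium
fe80::/64 dev wlan0 proto kernel metric 600 pref medium
default via fe80::1 dev wlan0 proto ra metric 600 pref medium
"""
# Constructed sample: split tunnel that sends only the corporate 10/8 into the
# VPN, with a client that never configured IPv6 inside the tunnel at all.
SPLIT_V4 = """\
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.0.0.0/8 via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.50 metric 600
203.0.113.10 via 192.168.1.1 dev wlan0
"""
SPLIT_V6 = """\
fe80::/64 dev wlan0 proto kernel metric 600 pref medium
default via fe80::1 dev wlan0 proto ra metric 600 pref medium
"""

if __name__ == "__main__":
    for name, v4, v6 in (("full", FULL_V4, FULL_V6), ("split", SPLIT_V4, SPLIT_V6), ("v6 leak", FULL_V4, SPLIT_V6)):
        routes = parse_routes(v4, 4) + parse_routes(v6, 6)
        print(name, "OK" if is_full_tunnel(v4, v6) else split_tunnel_findings(routes))
```

The third sample case is the one worth remembering during an assessment: the IPv4 table looks like a textbook full tunnel, yet the device still has an IPv6 default route over Wi-Fi, so any dual-stack destination is reachable outside the VPN. A check that only reads the IPv4 table, or only screenshots the client's "split tunnel" checkbox, would pass it. The expected host route to the VPN server over the physical interface is deliberately not flagged, since the tunnel cannot exist without it.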
Unofficial FedRAMP Guidance:
None
Assessment Evidence:
Configuration settings showing that split tunneling is disabled on connecting devices, on VPN clients and gateways, and on any device within the system boundary from which a network connection can originate (e.g., a bastion host), together with evidence that these settings are enforced centrally and cannot be changed by users (screenshots are acceptable).
CSP Implementation Tips:
Amazon Web Services (AWS): TBD
Microsoft Azure: TBD
Google Cloud Platform: TBD