UCF STIG Viewer Logo

All mobile device VPN clients must have split tunneling disabled.


Overview

Finding ID Version Rule ID IA Controls Severity
V-19899 WIR-MOS-iOS-034-04 SV-36451r2_rule ECWN-1 Medium
Description
DoD data could be compromised if transmitted data is not secured with a compliant VPN. Split tunneling could allow connections from non-secure Internet sites to access data on the DoD network.
STIG Date
Apple iOS 6 Interim Security Configuration Guide (ISCG) 2013-01-17

Details

Check Text ( C-41594r2_chk )
This check is not applicable if the installed VPN client is not used for remote access to DoD networks. Note: Use of a VPN to access DoD email on a mobile device is not required.

Interview the IAO and/or site wireless device administrator and inspect a sample (3-4) of site devices. Review VPN client specification sheets and verify the VPN client supports disabling split tunneling. Verify the VPN client is configured disable split tunneling. Mark as a finding if the VPN does not support disabling split tunneling or it is not disabled on the client.
Fix Text (F-37267r1_fix)
Disable split tunneling on VPN client.