
Windows 10 Mobile must be configured to disable VPN split-tunneling (if the MD provides a configurable control for FDP_IFC_EXT.1.1).


Overview

Finding ID: V-70105
Version: MSWM-10-202418
Rule ID: SV-84727r1_rule
IA Controls: (none listed)
Severity: Medium
Description
Split-tunneling allows multiple simultaneous remote connections to the mobile device. Without VPN split-tunneling disabled, malicious applications can covertly off-load device data to a third-party server or set up a trusted tunnel between a non-DoD third-party server and a DoD network, providing a vector to attack the network.

SFR ID: FMT_SMF_EXT.1.1 #45
STIG Date
Microsoft Windows 10 Mobile Security Technical Implementation Guide 2017-09-11

Details

Check Text (C-70581r1_chk)
Review Windows 10 Mobile documentation and inspect the configuration on Windows 10 Mobile to disable VPN split-tunneling (if Windows 10 Mobile provides a configurable control).

This validation procedure is performed only on the MDM administration console.

On the MDM administration console:

Ask the MDM administrator to verify that the site-specific VPN policy on the MDM console has been configured to disable split-tunneling.

If the site-specific VPN profile on the MDM is not configured to disable split-tunneling functionality, this is a finding.
Fix Text (F-76341r1_fix)
Configure the site-specific VPN profile on the MDM to disable split-tunneling.