
Windows 10 Mobile must be configured to disable VPN split-tunneling (if the MD provides a configurable control for FDP_IFC_EXT.1.1).


Overview

Finding ID: V-70105
Version: MSWM-10-202418
Rule ID: SV-84727r1_rule
IA Controls:
Severity: Medium
Description
Split-tunneling allows multiple simultaneous remote connections to the mobile device. Without VPN split-tunneling disabled, malicious applications can covertly off-load device data to a third-party server or set up a trusted tunnel between a non-DoD third-party server and a DoD network, providing a vector to attack the network.

SFR ID: FMT_SMF_EXT.1.1 #45
STIG Date
Microsoft Windows 10 Mobile Security Technical Implementation Guide 2017-09-11

Details

Check Text (C-70581r1_chk)
Review Windows 10 Mobile documentation and inspect the configuration on Windows 10 Mobile to disable VPN split-tunneling (if Windows 10 Mobile provides a configurable control).

This validation procedure is performed only on the MDM administration console.

On the MDM administration console:

Ask the MDM administrator to verify that the site-specific VPN policy on the MDM console has been configured to disable split-tunneling.

If the site-specific VPN profile on the MDM is not configured to disable split-tunneling functionality, this is a finding.
Fix Text (F-76341r1_fix)
Configure the site-specific VPN profile on the MDM to disable split-tunneling.