Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-36753 | WN08-MO-000002 | SV-48427r2_rule | ECWN-1 | Medium |
Description |
---|
When split tunneling is enabled, device peripherals and other computers communicating with the mobile device may be able to connect to a DoD network and obtain sensitive information or otherwise compromise DoD information resources. Disabling split tunneling eliminates the risk associated with this vulnerability. |
STIG | Date |
---|---|
Windows 8/8.1 Security Technical Implementation Guide | 2017-02-27 |
Check Text ( C-45096r1_chk ) |
---|
Verify the VPN client on mobile devices is configured to prevent split tunneling for connections to DoD networks. If it is not, this is a finding. Procedures will vary depending on the VPN client used. |
Fix Text (F-41558r1_fix) |
---|
Configure the VPN client on mobile devices to prevent split tunneling when connecting to DoD networks. Procedures will vary depending on the VPN client used. |