
Applications providing remote connectivity must prevent remote devices that have established a non-remote connection with the system from communicating outside of the communications path with resources in external networks.


Overview

Finding ID: V-35688
Version: SRG-APP-000257-MAPP-NA
Rule ID: SV-46975r1_rule
IA Controls:
Severity: Medium
Description
This control enhancement is implemented within the remote device (e.g., notebook/laptop computer) via configuration settings that are not configurable by the user of that device. An example of a non-remote communications path from a remote device is a virtual private network. When a non-remote connection is established using a virtual private network, the configuration settings prevent split-tunneling. Split-tunneling might otherwise be used by remote users to communicate with the information system as an extension of that system and to communicate with local resources such as a printer or file server. Since the remote device, when connected by a non-remote connection, becomes an extension of the information system, allowing dual communications paths such as split-tunneling would be, in effect, allowing unauthorized external connections into the system.

Rationale for non-applicability: Mobile applications that support remote access are not within the scope of this SRG.
STIG: Mobile Application Security Requirements Guide
Date: 2013-01-04

Details

Check Text (C-44030r1_chk)
This requirement is NA for the MAPP SRG.
Fix Text (F-40230r1_fix)
The requirement is NA. No fix is required.