When a device is on your VPN, it shouldn't also have an open door straight to the public internet.
What it actually means
Split tunneling lets a remote device route some traffic through your VPN and other traffic straight to the internet — which can bridge an outside network into yours. Configure VPN clients to force all traffic through the tunnel (full tunnel) so the remote device can't simultaneously talk to external resources outside your control.
Pass or fail — an assessor needs a "yes" to each
- Are VPN clients configured to disable split tunneling (full-tunnel)?
- Is that setting enforced by policy or configuration rather than left to the user?
What to have ready
- VPN client configuration / profile showing split tunneling disabled
- Policy statement requiring full-tunnel VPN
Where teams trip up
- Default VPN profiles that allow split tunneling
- Letting users toggle the setting