UP NEXT FIPS AND SPLIT TUNNELS

FIPS 140-2

According to Darren King, Director, Defense Industrial Base Cybersecurity Assessment Center, if you are planning on obtaining CMMC level 3 certification there are two common hurdles to overcome: the use of Federal Information Processing Standard (FIPS) validated products, and split tunnels.

To meet the requirements of CMMC SC.3.177 you must employ a FIPS 140-2-validated cryptography solution to protect the confidentiality of CUI while at rest and in transit.

FIPS 140-2 (Federal Information Processing Standard) is a standard that specifies which cryptographic-based security systems are to be used to provide adequate security and protection of information systems that contain or transmit sensitive or valuable data, such as CUI. Utilizing cryptography in the storage and transport of information ensures the confidentiality and integrity of the information, confirms the identity of the entity interacting with the systems, and assures the receiving system of the source of the information. I believe the biggest challenge is in the acquisition and implementation of a valid solution.

You can search the list of validated solutions here.

Split Tunneling

The issue here is that the common practice for setting up a remote worker is to set up a Virtual Private Network (VPN) connection using split tunneling. Split tunneling allows a remote user to connect securely to company resources over the VPN while traffic that does not require the corporate network stays on the local (home or public) network. While split tunneling might be desirable to remote users who want to communicate with local resources such as printers or file servers, it allows unauthorized external connections, making the system more vulnerable to attack and to exfiltration of organizational information. The use of split tunneling is not allowed under CMMC SC.3.184.

Since the implementation of a solution that meets the requirements of CMMC SC.3.184 is going to require a FIPS 140-2 validated solution, you may want to reach out to us here at DOX Electronics for assistance in the design and implementation.