CMMC Practice AC.L2-3.1.14

Remote Access Routing: Route remote access via managed access control points.

Monarch ISC Guidance

You want to route remote access through as few VPN gateways as possible. Even if you have many offices, you should only have a single, primary VPN connection, and a backup for that connection (if you determine VPN redundancy is required). Be aware that users may attempt to circumvent this control by installing an enabling a third party software which allows a connection directly to their PC, such as LogMeIn, TeamViewer, or GoToMyPC. You must prohibit the use of this software and block it if possible. This can be tricky as often these solutions may also block permitted screen sharing applications popular for virtual meetings.

Discussion From Source

NIST SP 800-171 R2 Routing remote access through managed access control points enhances explicit, organizational control over such connections, reducing the susceptibility to unauthorized access to organizational systems resulting in the unauthorized disclosure of CUI.

References