There was new recommendations last year from CISA to allow agency-sanctioned Cloud Service Providers to be split tunneled for the purpose of patching agency managed systems (applying Windows updates, antivirus updates and other patches etc.).
What ever happened with that? The link I referred to last year was removed:
I found a different link below that has similar guidance.
What’s required to use the CISA guidance to allow split tunnel patch management vs the NIST guidance that says no split tunneling no exceptions?