SC.L1-3.13.1 — Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems.

What this control requires

Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems.

Source: CMMC L1 v2.13 SC.L1-3.13.1 / FAR 52.204-21(b)(1) / NIST SP 800-171 R2 3.13.1 (official control text).

Why this matters

Every connection into or out of your network is a potential attack vector. External boundaries—where your systems meet the internet or partners—and internal boundaries—where sensitive data zones meet general networks—are the choke points where you enforce policy, detect intrusions, and prevent data leakage. Without boundary monitoring and control, adversaries move laterally undetected, exfiltrate CUI silently, and exploit trust relationships between network segments. This control mandates firewalls, traffic inspection, and segmentation to ensure only legitimate, authorized communications cross these boundaries.

What evidence assessors expect

Assessors typically look for: screenshot, configuration export, CSV export, PDF. FORCE coaches you through the exact implementation steps and captures each artifact in-platform.

Related controls