bigforceone

SI.L1-3.14.2: Provide protection from malicious code at designated locations within organizational systems.

What this control requires

Provide protection from malicious code at designated locations within organizational systems.

Source: CMMC L1 v2.13 SI.L1-3.14.2 / FAR 52.204-21(b)(1) / NIST SP 800-171 R2 3.14.2 (official control text).

Why this matters

Malicious code — viruses, ransomware, spyware, worms — enters systems through email attachments, USB drives, compromised websites, and software vulnerabilities. Once inside, it can exfiltrate sensitive data, encrypt files for ransom, or create persistent backdoors for attackers. This control requires deploying anti-malware defenses at every system entry and exit point: endpoints, email gateways, web proxies, file servers, and mobile devices. Without multi-layered protection, a single phishing email or infected USB drive can compromise your entire environment and trigger a breach notification obligation under DFARS 252.204-7012.

What evidence assessors expect

Assessors typically look for: screenshot, configuration export, CSV export. FORCE coaches you through the exact implementation steps and captures each artifact in-platform.
