SI.L1-3.14.5 — Perform periodic scans of organizational systems and real-time scans of files from external sources as files are downloaded, opened, or executed.
What this control requires
Perform periodic scans of organizational systems and real-time scans of files from external sources as files are downloaded, opened, or executed.
Source: CMMC L1 v2.13 SI.L1-3.14.5 / FAR 52.204-21(b)(1) / NIST SP 800-171 R2 3.14.5 (official control text).
Why this matters
Malicious code—viruses, trojans, ransomware, spyware—enters organizations through email attachments, downloads, USB drives, and compromised websites. Without automated scanning, a single infected file can encrypt critical data, steal credentials, or grant attackers persistent access to your network. This control requires two things: periodic scans of organizational systems, and real-time scans of files from external sources at the moment they are downloaded, opened, or executed. It's your first line of defense against the most common attack vector: weaponized files that exploit trust and human error.
What evidence assessors expect
Assessors typically look for: screenshot, CSV export. FORCE coaches you through the exact implementation steps and captures each artifact in-platform.