bigforceone

AC.L2-3.1.14: Route remote access via managed access control points.

What this control requires

Route remote access via managed access control points.

Source: CMMC L2 v2.13 AC.L2-3.1.14 / NIST SP 800-171 R2 3.1.14 (official control text).

Why this matters

Remote access creates pathways into the organization's network from uncontrolled environments — home offices, hotels, coffee shops. Without centralized enforcement points, attackers who compromise a remote device or steal credentials can bypass perimeter defenses entirely. This control requires all remote connections to funnel through managed gateways (VPNs, remote desktop gateways, cloud access brokers) where the organization enforces authentication, encryption, logging, and conditional access policies. By eliminating direct inbound connections and requiring routing through these checkpoints, the organization gains visibility into who accesses what from where, and can block suspicious sessions before CUI is exposed.
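One way to check the "no direct inbound connections" part of this control is to audit firewall rules for remote-access services reachable from outside without passing a managed gateway. This is an added example, not FORCE's code or part of the CMMC/NIST text. The rule schema, network ranges, port list and sample rules are assumptions constructed for illustration.

```python
import ipaddress

# Assumed for illustration: internal address space, the managed access control
# points (VPN concentrator, RD gateway, bastion), and remote-access ports.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
MANAGED_GATEWAYS = [ipaddress.ip_network("10.0.250.0/28")]
REMOTE_ACCESS_PORTS = {22: "SSH", 3389: "RDP", 5900: "VNC", 5985: "WinRM"}

# Constructed sample rules in a simplified, hypothetical schema.
SAMPLE_RULES = [
    {"name": "ssh-bastion", "action": "allow", "src": "0.0.0.0/0",
     "dst": "10.0.250.2/32", "port": 22},
    {"name": "rdp-from-gw", "action": "allow", "src": "10.0.250.0/28",
     "dst": "10.0.10.0/24", "port": 3389},
    {"name": "legacy-rdp", "action": "allow", "src": "0.0.0.0/0",
     "dst": "10.0.10.15/32", "port": 3389},
    {"name": "vendor-ssh", "action": "allow", "src": "203.0.113.0/24",
     "dst": "10.0.20.5/32", "port": 22},
    {"name": "deny-rdp", "action": "deny", "src": "0.0.0.0/0",
     "dst": "10.0.30.0/24", "port": 3389},
]


def _within(cidr, nets):
    """True if the whole CIDR block sits inside one of the given networks."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.version == n.version and net.subnet_of(n) for n in nets)


def find_bypass_rules(rules):
    """Return allow rules that expose a remote-access service to sources
    outside the internal network on a host that is not a managed gateway."""
    findings = []
    for rule in rules:
        if rule["action"] != "allow" or rule["port"] not in REMOTE_ACCESS_PORTS:
            continue
        if _within(rule["dst"], MANAGED_GATEWAYS):
            continue  # session terminates on a managed access control point
        if not _within(rule["src"], INTERNAL_NETS):
            findings.append(
                (rule["name"], REMOTE_ACCESS_PORTS[rule["port"]], rule["src"])
            )
    return findings


if __name__ == "__main__":
    for name, service, src in find_bypass_rules(SAMPLE_RULES):
        print(f"BYPASS {name}: {service} reachable from {src} without a gateway")
```

Each finding is a rule to remove or re-scope so the session has to enter through the gateway, where authentication, logging and conditional access are enforced.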

What evidence assessors expect

Assessors typically look for: screenshot, PDF. FORCE coaches you through the exact implementation steps and captures each artifact in-platform.
