AC.L2-3.1.18 — Control connection of mobile devices.
What this control requires
Control connection of mobile devices.
Source: CMMC L2 v2.13 AC.L2-3.1.18 / NIST SP 800-171 R2 3.1.18 (official control text).
Why this matters
Mobile devices — smartphones, tablets, laptops — are powerful endpoints that roam beyond your network perimeter, accessing email, files, and applications from anywhere. Without enforceable controls, a lost device becomes a data breach, a compromised phone becomes a credential harvester, and an unpatched tablet becomes ransomware's front door. This control requires organizations to technically enforce which devices can connect, what they can access, and what security baseline they must maintain. It protects CUI from theft, malware propagation, and unauthorized remote access by ensuring only compliant, managed devices touch sensitive systems.
What evidence assessors expect
Assessors typically look for screenshots, CSV exports, and PDFs. FORCE coaches you through the exact implementation steps and captures each artifact in-platform.