PE.L2-3.10.6 — Enforce safeguarding measures for CUI at alternate work sites
What this control requires
Enforce safeguarding measures for CUI at alternate work sites
Source: CMMC L2 v2.13 PE.L2-3.10.6 / NIST SP 800-171 R2 3.10.6 (official control text).
Why this matters
Alternate work sites — home offices, co-working spaces, client facilities — lack the physical and network controls of a primary facility. Employees handling CUI in these environments face heightened risks: shoulder surfing, insecure Wi-Fi, family member access, theft during travel. This control requires organizations to establish and enforce specific safeguards that travel with the data, ensuring CUI confidentiality and integrity regardless of where work occurs. Without formalized remote work security measures, CUI becomes vulnerable to unauthorized disclosure through uncontrolled physical access, compromised networks, or improper disposal of printed materials.
What evidence assessors expect
Assessors typically look for: PDF, screenshot, training certificate, signed letter. FORCE coaches you through the exact implementation steps and captures each artifact in-platform.
Related controls
See your live posture on PE.L2-3.10.6.
FORCE shows where you stand on this control and walks you through closing it.
Start a free trial tenant →