SC.L2-3.13.1 — Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems.
What this control requires
Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems.
Source: CMMC L2 v2.13 SC.L2-3.13.1 / NIST SP 800-171 R2 3.13.1 (official control text).
Why this matters
Network boundaries are where attackers attempt to infiltrate systems and where sensitive data can leak out. This control requires real-time visibility and enforcement at every point where your network connects to the internet or to partner networks, and at every point that separates internal security zones. Without monitoring and protection at these choke points, malicious traffic flows freely inbound, and CUI can be exfiltrated undetected. Boundary controls (firewalls, encrypted tunnels, intrusion detection) form the defensive perimeter that prevents unauthorized access, detects anomalies, and ensures only legitimate communications cross security boundaries. This protects both mission-critical systems and the sensitive data they process.
What evidence assessors expect
Assessors typically look for screenshots, configuration exports, and log files. FORCE coaches you through the exact implementation steps and captures each artifact in-platform.