SC.L2-3.13.14 — Control and monitor the use of Voice over Internet Protocol (VoIP) technologies.
What this control requires
Control and monitor the use of Voice over Internet Protocol (VoIP) technologies.
Source: CMMC L2 v2.13 SC.L2-3.13.14 / NIST SP 800-171 R2 3.13.14 (official control text).
Why this matters
Voice over Internet Protocol (VoIP) systems — including softphones, SIP trunks, and unified communications platforms — transmit voice as data packets over the internet, exposing conversations to interception, eavesdropping, denial-of-service attacks, and toll fraud. Unlike traditional phone lines, VoIP relies on network infrastructure that can be compromised through the same vectors as any internet application: malware, man-in-the-middle attacks, unpatched endpoints, and weak authentication. This control protects the confidentiality of voice communications, prevents unauthorized use of telephony resources, and ensures availability of critical communication channels during incidents. Organizations must treat VoIP as a high-value network service requiring encryption, access controls, logging, and continuous monitoring.
What evidence assessors expect
Assessors typically look for: screenshot, CSV export, configuration export, PDF. FORCE coaches you through the exact implementation steps and captures each artifact in-platform.
Related controls
See your live posture on SC.L2-3.13.14.
FORCE shows where you stand on this control and walks you through closing it.
Start a free trial tenant →