SC.L2-3.13.15 — Protect the authenticity of communications sessions.
What this control requires
Protect the authenticity of communications sessions.
Source: CMMC L2 v2.13 SC.L2-3.13.15 / NIST SP 800-171 R2 3.13.15 (official control text).
Why this matters
Session authenticity prevents attackers from impersonating legitimate users or systems during active communications. Without session protection, adversaries can intercept credentials, inject malicious commands, or steal sensitive data mid-conversation—even when initial authentication succeeds. This control mitigates man-in-the-middle attacks, session hijacking, and replay attacks by ensuring both parties continuously verify each other's identity and detect tampering throughout the entire session lifecycle. Organizations handling CUI must guarantee that every byte exchanged comes from the expected source and hasn't been altered in transit.
What evidence assessors expect
Assessors typically look for: screenshot, configuration export, PDF. FORCE coaches you through the exact implementation steps and captures each artifact in-platform.
Related controls
See your live posture on SC.L2-3.13.15.
FORCE shows where you stand on this control and walks you through closing it.
Start a free trial tenant →