bigforceone

SC.L2-3.13.2: Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems.

What this control requires

Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems.

Source: CMMC L2 v2.13 SC.L2-3.13.2 / NIST SP 800-171 R2 3.13.2 (official control text).

Why this matters

This control ensures the organization builds security into systems from the ground up rather than bolting it on afterward. When development teams apply security engineering principles during design and coding, they create systems that resist attack, fail safely, and protect sensitive data by default. Without these practices, applications and infrastructure become riddled with vulnerabilities — SQL injection, broken authentication, insecure APIs — that adversaries exploit to steal CUI, disrupt operations, or pivot deeper into networks. This control transforms security from an afterthought into a foundational engineering discipline.

What evidence assessors expect

Assessors typically look for: PDF, training certificate, screenshot. FORCE coaches you through the exact implementation steps and captures each artifact in-platform.
