SC.L2-3.13.4 — Prevent unauthorized and unintended information transfer via shared system resources.

What this control requires

Prevent unauthorized and unintended information transfer via shared system resources.

Source: CMMC L2 v2.13 SC.L2-3.13.4 / NIST SP 800-171 R2 3.13.4 (official control text).

Why this matters

When multiple users or processes share computing resources like memory, disk sectors, or CPU registers, data from one user can accidentally leak to another if the system doesn't properly clear those resources between uses. This control prevents sensitive information from one session appearing in another user's workspace through leftover data fragments. It protects against data spillage in multi-tenant environments, virtual machines, shared storage systems, and any scenario where system resources are pooled and reallocated. The threat is unintentional disclosure of CUI to unauthorized users who happen to be allocated the same memory block, disk sector, or virtual machine that previously held someone else's sensitive data.

What evidence assessors expect

Assessors typically look for: screenshot, configuration export, PDF, photo. FORCE coaches you through the exact implementation steps and captures each artifact in-platform.

Related controls