SI.L2-3.14.2 — Provide protection from malicious code at designated locations within organizational systems.
What this control requires
Provide protection from malicious code at designated locations within organizational systems.
Source: CMMC L2 v2.13 SI.L2-3.14.2 / NIST SP 800-171 R2 3.14.2 (official control text).
Why this matters
Malicious code — viruses, ransomware, worms, Trojans, spyware — enters your network through email attachments, web downloads, USB drives, and compromised websites. Without protection at key entry and exit points (endpoints, email gateways, web proxies, file servers), a single infected file can encrypt your data, exfiltrate CUI, or grant attackers persistent access. This control requires deploying antivirus, anti-malware, and reputation-based scanning at every location where code enters or executes within your environment. The goal is to detect and block threats before they reach critical systems or spread laterally across your network.
What evidence assessors expect
Assessors typically look for: screenshot, CSV export. FORCE coaches you through the exact implementation steps and captures each artifact in-platform.
Related controls
See your live posture on SI.L2-3.14.2.
FORCE shows where you stand on this control and walks you through closing it.
Start a free trial tenant →