SI.L2-3.14.5 — Perform periodic scans of organizational systems and real-time scans of files from external sources as files are downloaded, opened, or executed.
What this control requires
Perform periodic scans of organizational systems and real-time scans of files from external sources as files are downloaded, opened, or executed.
Source: CMMC L2 v2.13 SI.L2-3.14.5 / NIST SP 800-171 R2 3.14.5 (official control text).
Why this matters
Malicious code—viruses, ransomware, trojans, and exploits—enters networks through email attachments, downloads, USB drives, and compromised websites. Without continuous scanning, a single infected file can spread laterally, encrypt critical data, or establish persistent backdoors for attackers. This control requires both scheduled full-system scans to catch dormant threats and immediate real-time scanning of any file entering the environment. Together, these layers detect known malware signatures, suspicious behaviors, and zero-day threats before they execute, protecting mission-critical systems and controlled unclassified information from compromise.
What evidence assessors expect
Assessors typically look for: screenshot, CSV export, PDF.