
SI.L2-3.14.6: Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks.

What this control requires

Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks.

Source: CMMC L2 v2.13 SI.L2-3.14.6 / NIST SP 800-171 R2 3.14.6 (official control text).

Why this matters

Network traffic monitoring detects active intrusions, malware communications, data exfiltration, and command-and-control callbacks in real time. Without continuous observation of what enters and leaves your network perimeter and moves between internal systems, attackers can operate undetected for months, stealing controlled unclassified information (CUI) or establishing persistent footholds. This control requires both perimeter monitoring (what crosses your boundary) and internal monitoring (lateral movement, unusual service access, unauthorized data flows). Monitoring transforms reactive security into proactive threat hunting, enabling rapid incident response before damage escalates.

What evidence assessors expect

Assessors typically look for: screenshot, configuration export, log file. FORCE coaches you through the exact implementation steps and captures each artifact in-platform.
