SI.L2-3.14.7 — Identify unauthorized use of organizational systems.
What this control requires
Identify unauthorized use of organizational systems.
Source: CMMC L2 v2.13 SI.L2-3.14.7 / NIST SP 800-171 R2 3.14.7 (official control text).
Why this matters
Unauthorized use of organizational systems — whether by insiders abusing access, external attackers who've breached the perimeter, or malware propagating laterally — represents active compromise. Without continuous monitoring that flags anomalies in login patterns, traffic flows, privileged commands, and resource access, adversaries operate undetected for months, exfiltrating data and establishing persistence. This control mandates automated detection tooling that correlates authentication logs, network traffic, endpoint behavior, and cloud API calls to surface suspicious activity before it escalates into full breach.
What evidence assessors expect
Assessors typically look for: screenshot, configuration export, PDF. FORCE coaches you through the exact implementation steps and captures each artifact in-platform.
Related controls
See your live posture on SI.L2-3.14.7.
FORCE shows where you stand on this control and walks you through closing it.
Start a free trial tenant →