03.13.05 —

What this control requires

Source: NIST SP 800-171 R3 §03.13.05 (official control text).

Why this matters

System and communications protection controls defend networks and data from unauthorized interception, modification, or destruction. This requirement ensures organizations implement protective measures across their information systems — including boundary protections, transmission security, and denial-of-service defenses. Without documented system protections, attackers can exploit vulnerabilities in network architecture, intercept sensitive communications, or overwhelm systems with malicious traffic. These controls create defense-in-depth layers that make it exponentially harder for adversaries to access or disrupt controlled unclassified information. Organizations must prove they've deployed technical safeguards that actively protect data in transit and systems under operation.

What evidence assessors expect

Assessors typically look for: screenshot, configuration export, PDF. FORCE coaches you through the exact implementation steps and captures each artifact in-platform.

Related controls