03.14.06 — (a) Monitor the system to detect: (b) Identify unauthorized use of the system. (c) Monitor inbound and outbound communications traffic to detect unusual or unauthorized activities or conditions.

What this control requires

(a) Monitor the system to detect: (b) Identify unauthorized use of the system. (c) Monitor inbound and outbound communications traffic to detect unusual or unauthorized activities or conditions.

Source: NIST SP 800-171 R3 §03.14.06 (official control text).

Why this matters

Real-time system monitoring acts as your organization's security watchtower, detecting threats the moment they emerge rather than discovering breaches weeks later through forensic analysis. By continuously observing authentication attempts, network traffic patterns, and system behavior, you identify compromised credentials, data exfiltration, lateral movement by attackers, and malware command-and-control communications while damage can still be contained. Without monitoring, adversaries operate undetected for months, stealing CUI and establishing persistent backdoors. This control transforms your security posture from reactive investigation to proactive threat interdiction, protecting both your data and your customers' sensitive information from unauthorized access and theft.

What evidence assessors expect

Assessors typically look for: screenshot, PDF. FORCE coaches you through the exact implementation steps and captures each artifact in-platform.

Related controls