Mapped to NIST 800-171 Requirement: 3.1.22
CMMC Assessment Objective: AC.L2-3.1.22[a]
What This Objective Means
Before a user can log in, your systems must display a notification message that clearly communicates:
• The system is for authorized use only
• User activity may be monitored
• By logging in, the user consents to monitoring and acceptable use terms
This message typically appears on login screens for:
• Workstations
• Servers
• VPN portals
• Web-based access points
• Remote desktop gateways
This objective asks whether you know what your system use notification messages actually say—and whether they meet compliance expectations.
Why It Matters
System use notices:
• Provide legal consent to monitor user activity
• Warn users against unauthorized access
• Reinforce acceptable use policies
• May be required by contract clauses or government guidance
Failing to display a compliant message could invalidate your monitoring authority and weaken your legal posture.
How to Implement It
• Identify and document all system use messages currently in use across:
◦ End-user workstations
◦ Remote access platforms
◦ Cloud environments
◦ Any publicly accessible login portals
• Confirm messages include language covering:
◦ Authorized use only
◦ Consent to monitoring
◦ System may be audited or inspected
• Keep a record of where these messages are configured and who maintains them
Evidence the Assessor Will Look For
• Screenshots of login banners or system use notifications
• Documentation showing standard language used across systems
• Configuration management records or policies indicating where banners are set
• Sample text included in your System Security Plan (SSP) or acceptable use policy
Common Gaps
• No system use notice at all
• Generic messages with no monitoring or consent language
• Inconsistent messages across platforms
How Cuick Trac Helps
Cuick Trac supports this control by:
• Displaying a standardized system use message across all access points
• Ensuring the message includes all required elements: authorization, monitoring, and consent
• Helping organizations implement consistent language across internal and cloud environments
• Providing documentation and screenshots for audit and assessment evidence
With Cuick Trac, every user sees a clear, compliant warning—before they ever log in.
Final CTA
If users don’t know the rules before login, you’ve already lost control.
Schedule a Cuick Trac demo and ensure your system use notifications are accurate, visible, and compliant.